Changelogs
Версия 7.9rc5
2023-04-28
What's new in 7.9rc5 (2023-Apr-28 11:52):
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc5
2023-04-28
What's new in 7.9rc5 (2023-Apr-28 11:52):
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc5
2023-04-28
What's new in 7.9rc5 (2023-Apr-28 11:52):
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) console - fixed password prompt (introduced in v7.9beta4);
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) wifiwave2 - fixed a compatibility issue when using OWE authentication (introduced in v7.8);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc4
2023-04-25
What's new in 7.9rc4 (2023-Apr-24 16:34):
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc4
2023-04-25
What's new in 7.9rc4 (2023-Apr-24 16:34):
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc4
2023-04-25
What's new in 7.9rc4 (2023-Apr-24 16:34):
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) defconf - added CAPs mode script for wifiwave2 devices;
*) ovpn - improved system stability for Tile devices;
*) snmp - fixed several OIDs that were returning incorrect values (introduced in v7.9beta4);
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) ssh - fixed SSH host key export (introduced in v7.9beta4);
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) vxlan - improved system stability when printing FDB table (introduced in v7.9beta4);
*) webfig - fixed bogus comment for dynamic routes (introduced in v7.9beta4);
*) wifiwave2 - fixed WPS connectivity issues on 802.11ax APs (introduced in v7.9beta4);
*) wifiwave2 - improved WPS connection speed;
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc3
2023-04-13
What's new in 7.9rc3 (2023-Apr-12 15:53):
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc3
2023-04-13
What's new in 7.9rc3 (2023-Apr-12 15:53):
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc3
2023-04-13
What's new in 7.9rc3 (2023-Apr-12 15:53):
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) tools - fixed "ip-scan" (introduced in v7.9beta4);
*) user-manager - fixed process startup after booting (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc2
2023-04-06
What's new in 7.9rc2 (2023-Apr-05 13:56):
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc2
2023-04-06
What's new in 7.9rc2 (2023-Apr-05 13:56):
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc2
2023-04-06
What's new in 7.9rc2 (2023-Apr-05 13:56):
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) snmp - fixed several OIDs that were returning empty values (introduced in v7.9beta4);
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) wifiwave2 - fixed group key update for VLAN-tagged clients (introduced in v7.9beta4);
Other changes since v7.8:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc1
2023-03-31
What's new in 7.9rc1 (2023-Mar-30 16:42):
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc1
2023-03-31
What's new in 7.9rc1 (2023-Mar-30 16:42):
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9rc1
2023-03-31
What's new in 7.9rc1 (2023-Mar-30 16:42):
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - copy all well-known and optional transitive attributes for BGP VPNv4 (introduced in v7.9beta4);
*) bgp - fixed BGP VPNv4 origin attribute (introduced in v7.9beta4);
*) console - fixed syntax highlighting when editing scripts (introduced in v7.9beta4);
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) health - fixed bogus value reporting for CRS510 device;
*) ike1 - improved service stability when handling non-RSA keys (introduced in v7.9beta4);
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - improved handling of configuration that refers to non-existent certificate (introduced in v7.9beta4);
*) ipv6 - fixed IPv6 ND configuration change storing (introduced in v7.9beta4);
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) netinstall-cli - improved device reinstall on failed attempt;
*) snmp - improved outputting of routes;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - improved system stability when using SSH tunneling (introduced in v7.9beta4);
*) timezone - updated timezone information from "tzdata2023c" release;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) winbox - fixed changing slot name under "System/Disk" menu;
Other changes since v7.8:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9beta4
2023-03-24
What's new in 7.9beta4 (2023-Mar-23 15:01):
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9beta4
2023-03-24
What's new in 7.9beta4 (2023-Mar-23 15:01):
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9beta4
2023-03-24
What's new in 7.9beta4 (2023-Mar-23 15:01):
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Changes in this release:
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) mpls- fixed LDP "preferred-afi" parameter;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.8rc3
2023-02-22
What's new in 7.8rc3 (2023-Feb-20 16:32):
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc3
2023-02-22
What's new in 7.8rc3 (2023-Feb-20 16:32):
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc3
2023-02-22
What's new in 7.8rc3 (2023-Feb-20 16:32):
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) vxlan - fixed MAC learning when using FastPath (introduced in v7.8beta3);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc2
2023-02-15
What's new in 7.8rc2 (2023-Feb-14 11:50):
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc2
2023-02-15
What's new in 7.8rc2 (2023-Feb-14 11:50):
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc2
2023-02-15
What's new in 7.8rc2 (2023-Feb-14 11:50):
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) conntrack - improved system stability when PPTP helper is used;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - fixed config-less modem support (introduced in 7.8rc1);
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) ovpn-server - fixed HW encryption capability detection on ARM64 devices (introduced in 7.8rc1);
*) sfp - fixed certain optical module initialization (introduced in 7.8beta2);
Other changes since v7.7:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc1
2023-02-10
What's new in 7.8rc1 (2023-Feb-08 20:03):
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc1
2023-02-10
What's new in 7.8rc1 (2023-Feb-08 20:03):
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8rc1
2023-02-10
What's new in 7.8rc1 (2023-Feb-08 20:03):
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) certificate - fixed certificate import (introduced in v7.8beta2);
*) console - added "as-string" parameter to the ":execute" command;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) vxlan - added "max-fdb-size" parameter;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zeroter - fixed routes after VRF change;
Версия 7.8beta3
2023-02-03
What's new in 7.8beta3 (2023-Feb-01 16:10):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.8beta3
2023-02-03
What's new in 7.8beta3 (2023-Feb-01 16:10):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.8beta3
2023-02-03
What's new in 7.8beta3 (2023-Feb-01 16:10):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bridge - fixed adding disabled MSTI;
*) bridge - improved HW offloading logic;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved multiple certificate import process;
*) console - improved ":execute" command to output a string when a file is not specified;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) dns - fixed CNAME reading from the cache;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) led - fixed signal reading for KNOT device;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) pppoe - fixed PPPoE client scan showing only one server;
*) route - added hoplimit and metric parameters to SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) switch - fixed "switch-cpu" counters (introduced in 7.8beta2);
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected
*) vxlan - added FastPath support;
*) webfig - improved terminal operation;
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - fixed 802.11r fast transition when using wpa3-psk authentication (introduced in 7.8beta2);
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing cipher properties for OVPN server and client;
*) winbox - added missing filtering properties under "Tools/Packet Sniffer" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) zeroter - fixed routes after VRF change;
Other changes since v7.7:
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.8beta2
2023-01-20
What's new in 7.8beta2 (2023-Jan-20 12:27):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.8beta2
2023-01-20
What's new in 7.8beta2 (2023-Jan-20 12:27):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.8beta2
2023-01-20
What's new in 7.8beta2 (2023-Jan-20 12:27):
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Important note!!!
Version is not recommended on CRS3xx devices.
Changes in this release:
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when changing connection tracking state;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters (CLI only);
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support (CLI only);
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters (CLI only);
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved system stability for 98DXxxxx switch chips;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
Версия 7.7rc5
2023-01-11
What's new in 7.7rc5 (2023-Jan-11 13:20):
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc5
2023-01-11
What's new in 7.7rc5 (2023-Jan-11 13:20):
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc5
2023-01-11
What's new in 7.7rc5 (2023-Jan-11 13:20):
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) dns - fixed CNAME reading from the cache (introduced in v7.7rc3);
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - fixed R11e-LTE6 port mapping;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc4
2023-01-04
What's new in 7.7rc4 (2023-Jan-03 13:13):
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc4
2023-01-04
What's new in 7.7rc4 (2023-Jan-03 13:13):
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc4
2023-01-04
What's new in 7.7rc4 (2023-Jan-03 13:13):
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - fixed BGP advertisement PCAP saver;
*) console - updated copyright notice;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) ospf - fixed simple authentication checksum calculation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) timezone - updated timezone information from "tzdata2022g" release;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc3
2022-12-22
What's new in 7.7rc3 (2022-Dec-21 17:12):
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc3
2022-12-22
What's new in 7.7rc3 (2022-Dec-21 17:12):
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc3
2022-12-22
What's new in 7.7rc3 (2022-Dec-21 17:12):
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - do not reflect route back to sender;
*) bgp - fixed connection establishment using link-local addresses;
*) dns - fixed resolution of static CNAME DNS names (introduced in v7.7beta);
*) ike2 - added support for ChaChaPoly1305 encryption;
*) port - restored missing AT/modem channel on KNOT (introduced in v7.7beta6);
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc2
2022-12-19
What's new in 7.7rc2 (2022-Dec-16 20:23):
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc2
2022-12-19
What's new in 7.7rc2 (2022-Dec-16 20:23):
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc2
2022-12-19
What's new in 7.7rc2 (2022-Dec-16 20:23):
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - improved service stability when CNAME points to a FWD entry;
*) hotspot - improved limitation of maximum allowed connections;
*) ipsec - improved IKE payload processing;
*) snmp - improved stability when receiving bogus packets;
*) wifiwave2 - improved compliance with regulatory domain information;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved Let's Encrypt logging and error recovery;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc1
2022-12-12
What's new in 7.7rc1 (2022-Dec-08 16:38):
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc1
2022-12-12
What's new in 7.7rc1 (2022-Dec-08 16:38):
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7rc1
2022-12-12
What's new in 7.7rc1 (2022-Dec-08 16:38):
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Changes in this release:
*) certificate - improved Let's Encrypt logging and error recovery;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) dns - fixed regex matching (introduced in v7.7beta9);
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) ike1 - disallow "remote-id" setting for identity;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - properly show leading zeros in MCC and MNC strings;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - fixed assigning of explicit null label for IPv6;
*) ovpn - added support for IPv6 tunneling;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability when routing traffic over CPU on 98DX224S, 98DX226S, 98DX3236, 98DX8208 switch chips (introduced in v7.7beta3);
*) swos - fixed SwOS configuration changes from RouterOS;
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - fixed authentication issues (introduced in 7.7beta8);
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
Other changes since v7.6:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7beta9
2022-12-01
What's new in 7.7beta9 (2022-Nov-30 14:54):
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta9
2022-12-01
What's new in 7.7beta9 (2022-Nov-30 14:54):
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta9
2022-12-01
What's new in 7.7beta9 (2022-Nov-30 14:54):
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bluetooth - added unique advertise message filtering;
*) bridge - fixed master port conversion;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - fixed resolving of FWD entries (introduced in v7.7beta8);
*) dns - improved resolved static entry addition to address list;
*) health - fixed firmware update process on CCR1036-8G-2S+ (introduced in v7.7beta8);
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike2 - fixed rekey notify creation;
*) interface - do not allow adding invalid "veth" interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) lte - added AT channel support for Telit FN990;
*) netinstall - fixed netinstal procedure on RouterBOOT versions from 3.27 to 6.41;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - increased the maximum value of "rate" for ACL rules;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - improved certificate payload parsing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta8
2022-11-24
What's new in 7.7beta8 (2022-Nov-23 09:19):
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta8
2022-11-24
What's new in 7.7beta8 (2022-Nov-23 09:19):
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta8
2022-11-24
What's new in 7.7beta8 (2022-Nov-23 09:19):
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) branding - fixed identity setting from branding package;
*) bridge - fixed host moving with fast-path;
*) bridge - removed "age" monitoring property from the host table;
*) container - fixed tar extracting;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike2 - improved certificate payload parsing;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - improved IKE payload processing;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) lte - fixed error handling on opening AT control channel;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) netinstall - added "-i <interface>" parameter for Netinstall (CLI Linux);
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added support for IPv6 tunnelling;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) sfp - added 2.5G SFP module support for RB5009;
*) ssh - added support for Ed25519 key exchange;
*) ssh - fixed handling of non standard size RSA keys;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - fixed Ethernet monitor when disabling auto-negotiation for 10G interfaces for 98DX8212 switch (introduce in v7.7beta3);
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) swos - fixed "allow-from-ports" setting;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - fixed displaying of VRF routes;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved general system stability;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta6
2022-11-07
What's new in 7.7beta6 (2022-Nov-04 15:59):
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta6
2022-11-07
What's new in 7.7beta6 (2022-Nov-04 15:59):
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta6
2022-11-07
What's new in 7.7beta6 (2022-Nov-04 15:59):
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed access to "/dev/stderr" from containers;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) ike2 - added support for ChaChaPoly1305 encryption (CLI only);
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ipsec - added hardware acceleration support for IPQ-6010;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) swos - improved default SwOS backup file name;
*) vxlan - added VRF support;
*) webfig - ensure login page is displayed after each log out;
*) webfig - improved WEB caching capabilities;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) hotspot - fixed maximum allowed connections limitation;
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta4
2022-10-28
What's new in 7.7beta4 (2022-Oct-27 09:00):
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta4
2022-10-28
What's new in 7.7beta4 (2022-Oct-27 09:00):
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta4
2022-10-28
What's new in 7.7beta4 (2022-Oct-27 09:00):
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) conntrack - improved system stability when PPTP helper is used;
*) hotspot - fixed maximum allowed connections limitation;
*) netwatch - fixed reporting of VRF name in logging messages;
*) ospf - fixed MD5 checksum calculation;
*) sfp - added 2.5G SFP module support for RB5009;
*) webfig - properly detect current location for navigation buttons;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
Other changes since v7.6:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta3
2022-10-26
What's new in 7.7beta3 (2022-Oct-26 11:31):
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta3
2022-10-26
What's new in 7.7beta3 (2022-Oct-26 11:31):
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.7beta3
2022-10-26
What's new in 7.7beta3 (2022-Oct-26 11:31):
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Changes in this release:
*) bgp - improved BGP advertisement printing;
*) bonding - properly detect VPLS interface state changes;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) certificate - improved certificate management, signing and storing processes;
*) container - fixed handling of groups and usernames from Dockerfile;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) filesystem - fixed repartition on devices with containers;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation (CLI only);
*) ike1 - improved expired IPsec-SA processing;
*) interface - improved system stability when handling large packets on CCR2216;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) lte - added CA information in 5G mode;
*) lte - fixed new MTU value validation;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) lte - validate bearer count when activating MBIM modem;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed virtual-link address selection for PTP links;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FB990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) supout - added missing IPv6 firewall sections;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
Версия 7.6rc3
2022-10-14
What's new in 7.6rc3 (2022-Oct-14 12:44):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc3
2022-10-14
What's new in 7.6rc3 (2022-Oct-14 12:44):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc3
2022-10-14
What's new in 7.6rc3 (2022-Oct-14 12:44):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc2
2022-10-12
What's new in 7.6rc2 (2022-Oct-11 17:51):
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc2
2022-10-12
What's new in 7.6rc2 (2022-Oct-11 17:51):
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc2
2022-10-12
What's new in 7.6rc2 (2022-Oct-11 17:51):
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed DNS answer of cached CNAME entries (introduced in v7.6beta10);
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc1
2022-10-05
What's new in 7.6rc1 (2022-Oct-04 18:54):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc1
2022-10-05
What's new in 7.6rc1 (2022-Oct-04 18:54):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6rc1
2022-10-05
What's new in 7.6rc1 (2022-Oct-04 18:54):
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Changes in this release:
*) certificate - improved certificate management, signing and storing processes;
*) dns - fixed resolving of cached CNAME records (introduced in v7.6beta10);
*) lte - added support for Neoway N75-EA;
*) snmp - improved stability when receiving bogus packets;
*) vxlan - fixed multicast group address validation (introduced in v7.6beta10);
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added IPv6 support for ethernet mode;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta8
2022-09-23
What's new in 7.6beta8 (2022-Sep-21 09:20):
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta8
2022-09-23
What's new in 7.6beta8 (2022-Sep-21 09:20):
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta8
2022-09-23
What's new in 7.6beta8 (2022-Sep-21 09:20):
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version not recommended on TILE and RB5009 devices if MACsec is used;
Changes in this release:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) certificate - fixed SHA1 certificate name lookup;
*) dhcpv4-server - fixed matcher functionality;
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) ospf - added SHA hashing for authentication;
*) queue - improved stability for CAKE type queues;
*) snmp - improved retrieval of routing related OID's;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) tile - improved system stability when processing packets;
*) webfig - fixed hex input for "Host Uniq" field;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added MACsec support;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) wireless - disallowed using "default" as scan list or channel names;
Other changes since v7.5:
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name for MTU debug logging message;
*) lte - added interface name in MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta7
2022-09-19
What's new in 7.6beta7 (2022-Sep-16 09:27):
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta7
2022-09-19
What's new in 7.6beta7 (2022-Sep-16 09:27):
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta7
2022-09-19
What's new in 7.6beta7 (2022-Sep-16 09:27):
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - allow changing container related parameters while it is running;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) ospf - fixed checksum calculation;
*) ospf - improved logging when invalid configuration is detected;
*) route - fixed disappearance of inactive static routes after upgrade;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) webfig - fixed creation of new IPv6 routes;
*) winbox - changed order of tabs under "User Manager" menu;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
Other changes since v7.5:
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta6
2022-09-07
What's new in 7.6beta6 (2022-Sep-07 12:06):
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta6
2022-09-07
What's new in 7.6beta6 (2022-Sep-07 12:06):
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta6
2022-09-07
What's new in 7.6beta6 (2022-Sep-07 12:06):
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - added "start-on-boot" parameter for automatic container startup;
*) dot1x - fixed incorrect error when using "mac-auth";
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) lte - fixed at-chat on Telit FN980m;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) ssh - increased key generation timeout;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) w60g - improved system stability (introduced in v7.5);
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - allow to rename mounted disks;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
Other changes since v7.5:
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta4
2022-09-02
What's new in 7.6beta4 (2022-Sep-01 11:35):
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta4
2022-09-02
What's new in 7.6beta4 (2022-Sep-01 11:35):
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta4
2022-09-02
What's new in 7.6beta4 (2022-Sep-01 11:35):
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - improved system stability;
*) lte - added interface name for MTU debug logging message;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) netwatch - fixed string variable values in script;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed displaying of VRF interface in related logs;
*) ovpn - added IPv6 support for ethernet mode;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed memory leak;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) tr069-client - do not allow ":" symbols in username;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta10
2022-09-30
What's new in 7.6beta10 (2022-Sep-29 20:02):
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta10
2022-09-30
What's new in 7.6beta10 (2022-Sep-29 20:02):
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6beta10
2022-09-30
What's new in 7.6beta10 (2022-Sep-29 20:02):
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Important note!!!
Version is not recommended for devices where VXLAN interfaces are already configured.
Changes in this release:
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - improved certificate management, signing and storing processes;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) qsfp - added interface temperature warnings and shutdown;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) routerboard - return router's short name in "model" parameter;
*) serial - added support for newer PL2303 serial controllers;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added "L3 HW Settings" under "Switch" menu;
*) winbox - added quick filtering option for route list;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "to-ports" and "to-addresses" parameters for "netmap" action under "IPv6/Firewall/NAT" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Other changes since v7.5:
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) branding - execute "autorun.scr" file when installing branding package;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT (CLI only);
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) l3hw - added "l3hw-settings" sub menu under the switch menu (CLI only);
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - removed interface from SMIPS devices;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support for ethernet mode;
*) ppp - fixed memory leak;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) ssh - increased key generation timeout;
*) sstp - added IPv6 support (CLI only);
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added MACsec support;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.5rc2
2022-08-26
What's new in 7.5rc2 (2022-Aug-25 12:35):
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5rc2
2022-08-26
What's new in 7.5rc2 (2022-Aug-25 12:35):
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5rc2
2022-08-26
What's new in 7.5rc2 (2022-Aug-25 12:35):
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) container - fixed handling of mounted directories;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5rc1
2022-08-23
What's new in 7.5rc1 (2022-Aug-19 13:23):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5rc1
2022-08-23
What's new in 7.5rc1 (2022-Aug-19 13:23):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5rc1
2022-08-23
What's new in 7.5rc1 (2022-Aug-19 13:23):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta8
2022-08-10
What's new in 7.5beta8 (2022-Aug-09 12:36):
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta8
2022-08-10
What's new in 7.5beta8 (2022-Aug-09 12:36):
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta8
2022-08-10
What's new in 7.5beta8 (2022-Aug-09 12:36):
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - fixed free disk space checking;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) leds - fixed wireless LED functionality on LHGG;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed UDP performance on MMIPS devices;
*) ping - improved service stability;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) ssh - added AES support for PEM decryption;
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta5
2022-08-01
What's new in 7.5beta5 (2022-Jul-28 10:59):
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta5
2022-08-01
What's new in 7.5beta5 (2022-Jul-28 10:59):
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta5
2022-08-01
What's new in 7.5beta5 (2022-Jul-28 10:59):
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) l3hw - fixed HW offloaded NAT;
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
Other changes since v7.4:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta4
2022-07-26
What's new in 7.5beta4 (2022-Jul-22 12:46):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta4
2022-07-26
What's new in 7.5beta4 (2022-Jul-22 12:46):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta4
2022-07-26
What's new in 7.5beta4 (2022-Jul-22 12:46):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) container - added tun/tap support for containers;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) route-filter - fixed "delete bgp-communities" command;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta11
2022-08-17
What's new in 7.5beta11 (2022-Aug-17 13:14):
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta11
2022-08-17
What's new in 7.5beta11 (2022-Aug-17 13:14):
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5beta11
2022-08-17
What's new in 7.5beta11 (2022-Aug-17 13:14):
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - improved stability when "default-originate" is configured;
*) console - fixed automatic command completion with <TAB> keypress;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) hotspot - improved stability when receiving bogus packets;
*) interface - fixed default interface naming on RB1100x2;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) webfig - allow to specify NTP server as domain name;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
Other changes since v7.4.1:
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) container - added tun/tap support for containers;
*) container - fixed free disk space checking;
*) container - fixed handling of mounted directories;
*) container - fixed imported tar image path logging message;
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "CPU" to "switch" for temperature reading information on CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.4rc2
2022-07-08
What's new in 7.4rc2 (2022-Jul-07 15:29):
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
Версия 7.4rc2
2022-07-08
What's new in 7.4rc2 (2022-Jul-07 15:29):
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
Версия 7.4rc2
2022-07-08
What's new in 7.4rc2 (2022-Jul-07 15:29):
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) chr - fixed booting with added additional SCSI disk;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) mpls - improved stability with enabled loop-detect;
*) netwatch - added support for more advanced probing;
*) routerboard - do not try exporting WPS button configuration on devices that does not have it (introduced in v7.4beta5);
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
Версия 7.4rc1
2022-07-05
What's new in 7.4rc1 (2022-Jul-04 11:18):
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
Версия 7.4rc1
2022-07-05
What's new in 7.4rc1 (2022-Jul-04 11:18):
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
Версия 7.4rc1
2022-07-05
What's new in 7.4rc1 (2022-Jul-04 11:18):
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
*) certificate - fixed new CRL updating;
*) mqtt - fixed log flooding with disconnect messages;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) radius - added VRF support for RADIUS client;
*) route - expose all valid routes to route select filter from BGP;
*) route - fixed log messages when changing routing configuration;
*) rpki - fix potential memory leak;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) vpls - improved system stability with enabled connection tracking;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - improved WPA3 support stability;
*) winbox - added "VRF" parameter under "Tools/E-mail" menu;
Версия 7.4beta5
2022-06-27
What's new in 7.4beta5 (2022-Jun-27 10:39):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
Версия 7.4beta5
2022-06-27
What's new in 7.4beta5 (2022-Jun-27 10:39):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
Версия 7.4beta5
2022-06-27
What's new in 7.4beta5 (2022-Jun-27 10:39):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) lte - validate LTE attached IP type in MBIM mode;
*) netwatch - added support for more advanced probing;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route-filter - fixed route select filter rules;
*) upgrade - ignore same version packages during upgrade procedure;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "Routing/GMP" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
Версия 7.4beta4
2022-06-16
What's new in 7.4beta4 (2022-Jun-15 14:04):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
Версия 7.4beta4
2022-06-16
What's new in 7.4beta4 (2022-Jun-15 14:04):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
Версия 7.4beta4
2022-06-16
What's new in 7.4beta4 (2022-Jun-15 14:04):
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dot1x - fixed "undo" command for server instances;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) route - changed "mode" setting to "exclude" for group management protocol (CLI only);
*) route - made export run faster on tables with a large number of dynamic routes;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - made "do-jump" work in select rules;
*) ssh - fixed host key generation (introduced in v7.3);
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) w60g - improved interface initialization after being inactive for a while;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) winbox - fixed filename dropdown value filtering;
*) x86 - fixed Broadcom NIC support;
Версия 7.4beta2
2022-06-07
What's new in 7.4beta2 (2022-Jun-07 12:08)
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.4beta2
2022-06-07
What's new in 7.4beta2 (2022-Jun-07 12:08)
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.4beta2
2022-06-07
What's new in 7.4beta2 (2022-Jun-07 12:08)
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) cloud - print critical log message when system clock gets synchronised;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) dns - convert the domain name to lowercase before matching regex;
*) e-mail - added VRF support (CLI only);
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules (CLI only);
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialisation stage;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu, CLI only)
*) route - fixed false route type detection as blackhole;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - fixed regexp community matcher;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) vxlan - allow to specify MAC address manually;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.3rc2
2022-06-03
What's new in 7.3rc2 (2022-Jun-02 15:26):
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
Версия 7.3rc2
2022-06-03
What's new in 7.3rc2 (2022-Jun-02 15:26):
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
Версия 7.3rc2
2022-06-03
What's new in 7.3rc2 (2022-Jun-02 15:26):
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) l2tp - fixed L2TP session handling from iOS clients (introduced in v7.3beta40);
*) ssh - fixed corrupt host key automatic regeneration;
Версия 7.3rc1
2022-05-31
What's new in 7.3rc1 (2022-May-27 11:50):
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
Версия 7.3rc1
2022-05-31
What's new in 7.3rc1 (2022-May-27 11:50):
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
Версия 7.3rc1
2022-05-31
What's new in 7.3rc1 (2022-May-27 11:50):
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) capsman - fixed bridge disabling when using L2 connection;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) chr - fixed Cloud DDNS update after license renewal;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) lhgg - improved system stability (introduced in v7.2);
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) mpls - made LDP bindings work on PPP interfaces;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support;
*) ssh - fixed private key usage after downgrade;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) ww2 - general stability and throughput improvements;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
Версия 7.3beta40
2022-05-13
What's new in 7.3beta40 (2022-May-11 12:18):
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
Версия 7.3beta40
2022-05-13
What's new in 7.3beta40 (2022-May-11 12:18):
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
Версия 7.3beta40
2022-05-13
What's new in 7.3beta40 (2022-May-11 12:18):
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
!) queue - do not allow using CAKE type in simple and tree setups (already configured queues will be disabled);
*) bgp - added "name" parameter for connections;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - improved traffic processing over CAP communication tunnels:
*) chr - fixed Cloud DDNS update after license renewal;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server system stability during authentication;
*) ipsec - fixed printing of active peer statistics;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) lte - added SMS sending support for MBIM protocol;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) mpls - improved LDP AF selection process and behavior;
*) ntp - do not allow setting port number in "server" parameter;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - improved server stability under continous overload;
*) ovpn - reply with the same IP address that the connection was established to;
*) ppp - added support for VRF;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed IPv6 /127 route nexthop resolution;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) sfp - fixed link flap for QSFP+ and QSFP28 ports connected with a breakout cable, in cases where the base interface changes "running" state (introduced in v7.3beta33);
*) sfp - hide empty monitor values in console;
*) snmp - added VRF support (CLI only);
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - removed DSA public key authentication support;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - fixed "switch-cpu" port stats for 98DXxxxx and 98PX1012 switches (introduced in v7.3beta37);
*) switch - fixed missing stats in traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed Kernel timer consistency;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
Версия 7.3beta37
2022-04-26
What's new in 7.3beta37 (2022-Apr-25 15:29):
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
Версия 7.3beta37
2022-04-26
What's new in 7.3beta37 (2022-Apr-25 15:29):
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
Версия 7.3beta37
2022-04-26
What's new in 7.3beta37 (2022-Apr-25 15:29):
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) dot1x - improved server stability when using re-authentication;
*) fetch - improved full disk detection;
*) gps - fixed minor value unit typo;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) led - fixed QSFP+, QSFP28 activity LEDs when using 40Gbps modules (introduced in v7.3beta33);
*) lte - disabled wait for LTE auto attach;
*) mpls - fixed MPLS MTU and path MTU selection;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.3beta34);
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
Версия 7.3beta34
2022-04-20
What's new in 7.3beta34 (2022-Apr-20 08:23):
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
Версия 7.3beta34
2022-04-20
What's new in 7.3beta34 (2022-Apr-20 08:23):
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
Версия 7.3beta34
2022-04-20
What's new in 7.3beta34 (2022-Apr-20 08:23):
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) bgp - improved stability when editing BGP template;
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed minor logging typo;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) lte - disabled extended signal info query for Telit LN940 module;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed active sessions sometimes getting stuck;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) ssh - fail non-interactive client after first invalid password;
*) supout - added IGMP-Proxy section;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - show correct file system type under "System/Disks" menu;
Версия 7.3beta33
2022-04-13
What's new in 7.3beta33 (2022-Apr-11 14:09):
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.3beta33
2022-04-13
What's new in 7.3beta33 (2022-Apr-11 14:09):
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.3beta33
2022-04-13
What's new in 7.3beta33 (2022-Apr-11 14:09):
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added initial support for prefix limit;
*) bonding - added "lacp-user-key" setting;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) gps - added GPS package support for Chateau devices;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added MCS, CQI and RI value reporting for Fibocom FG621;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) port - do not loose "parity" setting;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) system - fixed IP service initialization in VRF after system startup;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.2rc7
2022-03-31
What's new in 7.2rc7 (2022-Mar-30 15:21):
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
Версия 7.2rc7
2022-03-31
What's new in 7.2rc7 (2022-Mar-30 15:21):
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
Версия 7.2rc7
2022-03-31
What's new in 7.2rc7 (2022-Mar-30 15:21):
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
Версия 7.2rc6
2022-03-30
What's new in 7.2rc6 (2022-Mar-30 10:56):
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
Версия 7.2rc6
2022-03-30
What's new in 7.2rc6 (2022-Mar-30 10:56):
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
Версия 7.2rc6
2022-03-30
What's new in 7.2rc6 (2022-Mar-30 10:56):
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) dude - fixed The Dude compatibility with ARM64;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - improved stability when modem disappears during firmware upgrade;
*) ntp - improved source address usage for reply packets;
*) ospf - properly set VRF for gateway;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) x86 - fixed VLAN tagged packet transmit;
Версия 7.2rc5
2022-03-23
What's new in 7.2rc5 (2022-Mar-23 12:04):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
Версия 7.2rc5
2022-03-23
What's new in 7.2rc5 (2022-Mar-23 12:04):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
Версия 7.2rc5
2022-03-23
What's new in 7.2rc5 (2022-Mar-23 12:04):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) dhcpv6 - added VRF support;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) log - added warning message when connection tracking table is full;
*) lte - add IPv6 address on interface as well;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - send notifies for neighbors;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP route removal;
*) route - general stability improvements;
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smips - improved RAM allocation;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) www - fixed "tls-version" for SSL;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) zerotier - fixed IPv6 support;
Версия 7.2rc4
2022-02-23
What's new in 7.2rc4 (2022-Feb-22 13:37):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
Версия 7.2rc4
2022-02-23
What's new in 7.2rc4 (2022-Feb-22 13:37):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
Версия 7.2rc4
2022-02-23
What's new in 7.2rc4 (2022-Feb-22 13:37):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed IP address on untagged bridge interface when vlan-filtering is enabled (introduced in v7.2rc2);
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) console - fixed terminal repainting on F5 and CTRL+L key press (introduced in v7.2rc2);
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route-filters - renamed "*-set" to "*-list";
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) ups - fixed UPS support;
*) vxlan - fixed "group" and "interface" setting reset after upgrade (introduced in v7.2rc2);
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wifiwave2 - added "client-isolation" feature;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - improved nv2 link stability;
Версия 7.2rc3
2022-01-28
What's new in 7.2rc3 (2022-Jan-28 16:33):
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
Версия 7.2rc3
2022-01-28
What's new in 7.2rc3 (2022-Jan-28 16:33):
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
Версия 7.2rc3
2022-01-28
What's new in 7.2rc3 (2022-Jan-28 16:33):
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
*) bridge - fixed filter and NAT "set-priority" action;
*) queue - fixed traffic processing (introduced in v7.2rc2);
Версия 7.2rc2
2022-01-28
What's new in 7.2rc2 (2022-Jan-28 11:00):
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
Версия 7.2rc2
2022-01-28
What's new in 7.2rc2 (2022-Jan-28 11:00):
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
Версия 7.2rc2
2022-01-28
What's new in 7.2rc2 (2022-Jan-28 11:00):
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
*) arm - fixed "shutdown" command on hAP ac^2;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) capsman - improved stability when running background scan on CAP;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - improved console responsiveness when processing received characters;
*) console - updated copyright notice;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed optical SFP+ linking (introduced in v7.2rc1);
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved SFP+/QSFP+ link stability for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v7.2rc1);
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) firewall - improved system stability when using address lists (introduced in v7.2rc1);
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed user LED on RB750Gr3;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - improved logging;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ovpn - improved UDP session handling;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) smb - fixed SMB2.0 disk size reporting;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) wireless - improved wireless connection stability during background scans;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - made MAC and MTU values read-only;
Версия 7.2rc1
2021-12-21
What's new in 7.2rc1 (2021-Dec-17 21:54):
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
Версия 7.2rc1
2021-12-21
What's new in 7.2rc1 (2021-Dec-17 21:54):
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
Версия 7.2rc1
2021-12-21
What's new in 7.2rc1 (2021-Dec-17 21:54):
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - do not export default BGP values;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - fixed "print" command with additional "where" condition;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) ipsec - added hardware acceleration support for CCR2116;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) poe - update PoE firmware only on devices that support it;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) queue - improved system stability when processing traffic;
*) route - fixed "min-prefix" configuration when set to 0;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for wireless client uptime reporting;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) zerotier - properly handle IP address change;
Версия 7.12beta9
2023-09-26
What's new in 7.12beta9 (2023-Sep-25 15:19):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bfd - improved system stability;
*) bgp - fixed "input.filter-chain" argument selection in VPN configuration;
*) bgp - improved logging;
*) bluetooth - added basic support for connecting to BLE peripheral devices;
*) console - export required properties with default values;
*) console - improved system stability;
*) console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
*) l3hw - fixed IPv6 route suppression;
*) led - fixed "interface-status" configuration for virtual interfaces;
*) lora - added LNS protocol support;
*) lte - changed R11e-LTE ARP behavior to NoArp;
*) lte - fixed sub-interface auto-removal in multiple APN setups;
*) lte - show correct data class when connected to 5G SA network;
*) mqtt - added on-message feature for subscribed topics;
*) mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
*) mqtt - added wildcard topic subscription support;
*) netinstall - added option to discard branding package;
*) netinstall - display package filename in GUI Descption column if package description is not specified;
*) netinstall-cli - added option to discard branding package;
*) netinstall-cli - allow ".rsc" script filenames;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
*) route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory (CLI only);
*) route - added "suppress-hw-offload" setting for IPv6 routes;
*) route - reverse community "delete" and "filter" command behavior;
*) routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
*) sfp - fixed 25Gbps link with FEC91 (introduced in v7.12beta7);
*) snmp - changed "mtxrGaugeValue" type to integer;
*) switch - fixed packet forwarding between Ethernet ports for CRS354 switches (introduced in v7.12beta7);
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) wifiwave2 - correctly add interface to specified "datapath.interface-list";
*) wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
*) wifiwave2 - log more information regarding authentication failures;
*) winbox - added "Host Key Type" setting under "IP/SSH" menu;
*) winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
*) winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
*) winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
*) winbox - added MQTT subscription menu;
*) winbox - allow to specify server as DNS name under "Tools/Email" menu;
*) winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
*) winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
*) winbox - rename "Password" button to "Change Now" under "System/Password" menu;
*) wireguard - added "auto" parameter for "private-key" and "presharde-key" parameters;
*) wireguard - request public or private key to be specified in order to create peer;
*) x86 - igb updated driver to 5.14.16 version;
*) x86 - igbvf updated driver from in-tree Linux kernel;
*) x86 - updated latest available pci.ids;
Other changes since v7.11:
*) api - fixed fetching objects with warning option from REST API;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - implemented IGP metric sending in BGP messages;
*) bgp - increase "hold-time" limit to 65000;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - fixed certificate auto renewal via SCEP;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - iavf updated driver to 4.9.1 version;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) ike2 - improved rekey collision handling;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netinstall-cli - prioritise interface option over address option;
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireless - added more "radius-mac-format" options (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) health - removed "temperature" health entry from boards, where it was the same as "sfp-temperature";
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bfd - improved system stability;
*) bgp - fixed "input.filter-chain" argument selection in VPN configuration;
*) bgp - improved logging;
*) bluetooth - added basic support for connecting to BLE peripheral devices;
*) console - export required properties with default values;
*) console - improved system stability;
*) console - restrict permissions to "read,write,reboot,ftp,romon,test" for scripts executed by DHCP, Hotspot, PPP and Traffic-Monitor services;
*) l3hw - fixed IPv6 route suppression;
*) led - fixed "interface-status" configuration for virtual interfaces;
*) lora - added LNS protocol support;
*) lte - changed R11e-LTE ARP behavior to NoArp;
*) lte - fixed sub-interface auto-removal in multiple APN setups;
*) lte - show correct data class when connected to 5G SA network;
*) mqtt - added on-message feature for subscribed topics;
*) mqtt - added parallel-scripts-limit parameter to set maximum allowed number of scripts executed at the same time;
*) mqtt - added wildcard topic subscription support;
*) netinstall - added option to discard branding package;
*) netinstall - display package filename in GUI Descption column if package description is not specified;
*) netinstall-cli - added option to discard branding package;
*) netinstall-cli - allow ".rsc" script filenames;
*) poe-out - driver optimization for AF/AT controlled boards;
*) poe-out - fixed rare CRS328 poe-out menu and poe-out port config loss after reboot;
*) route - added "single-process" configuration setting, enabled by default on devices with 64MB or less RAM memory (CLI only);
*) route - added "suppress-hw-offload" setting for IPv6 routes;
*) route - reverse community "delete" and "filter" command behavior;
*) routerboard - added "reset-button" support for RB800, RB1100 and RB1100AHx2 devices;
*) sfp - fixed 25Gbps link with FEC91 (introduced in v7.12beta7);
*) snmp - changed "mtxrGaugeValue" type to integer;
*) switch - fixed packet forwarding between Ethernet ports for CRS354 switches (introduced in v7.12beta7);
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) wifiwave2 - correctly add interface to specified "datapath.interface-list";
*) wifiwave2 - fixed re-connection failures for 802.11ax interfaces in station mode;
*) wifiwave2 - limit L2MTU to 1560 until a fix is available for a bug causing interfaces to fail transmitting larger frames than that;
*) wifiwave2 - log more information regarding authentication failures;
*) winbox - added "Host Key Type" setting under "IP/SSH" menu;
*) winbox - added "Key Owner" setting under "System/User/SSH Keys" and "System/User/SSH Private Keys" menus;
*) winbox - added "Remote Min Tx" parameter under "Routing/BFD/Session" menu;
*) winbox - added "Startup Delay" setting under "Tools/Netwatch" menu;
*) winbox - added "Use BFD" setting under "Routing/RIP/Interface-Template" menu;
*) winbox - added MQTT subscription menu;
*) winbox - allow to specify server as DNS name under "Tools/Email" menu;
*) winbox - rename "DSCP" setting to "DSCP (+ECN)" under "Tools/Traffic-Generator/Packet-Templates" menu;
*) winbox - rename "Name" setting to "List" under "IP,IPv6/Firewall/Address-List" menu;
*) winbox - rename "Password" button to "Change Now" under "System/Password" menu;
*) wireguard - added "auto" parameter for "private-key" and "presharde-key" parameters;
*) wireguard - request public or private key to be specified in order to create peer;
*) x86 - igb updated driver to 5.14.16 version;
*) x86 - igbvf updated driver from in-tree Linux kernel;
*) x86 - updated latest available pci.ids;
Other changes since v7.11:
*) api - fixed fetching objects with warning option from REST API;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - implemented IGP metric sending in BGP messages;
*) bgp - increase "hold-time" limit to 65000;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - fixed certificate auto renewal via SCEP;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - iavf updated driver to 4.9.1 version;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) ike2 - improved rekey collision handling;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netinstall-cli - prioritise interface option over address option;
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireless - added more "radius-mac-format" options (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Версия 7.12beta7
2023-09-13
What's new in 7.12beta7 (2023-Sep-13 09:58):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Версия 7.12beta7
2023-09-13
What's new in 7.12beta7 (2023-Sep-13 09:58):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Версия 7.12beta7
2023-09-13
What's new in 7.12beta7 (2023-Sep-13 09:58):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) api - fixed fetching objects with warning option from REST API;
*) bgp - implemented IGP metric sending in BGP messages;
*) bluetooth - use "g" units when decoding MikroTik beacon acceleration on peripheral devices menu;
*) certificate - allow to remove issued certificates when CRL is not used;
*) certificate - fixed certificate auto renewal via SCEP;
*) chr - iavf updated driver to 4.9.1 version;
*) console - improved randomness for ":rndstr" and ":rndnum" commands;
*) console - improved stability when using "special-login";
*) console - improved system stability through RoMON session;
*) console - improved system stability when using autocomplete;
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.12beta3);
*) ike2 - improved rekey collision handling;
*) ipsec - fixed Diffie-Hellman public value encoding size;
*) ipsec - fixed minor typo in logs;
*) ipsec - reduce disk writes when started without active configuration;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) l3hw - improved system stability during IPv6 route offloading;
*) leds - added "dark-mode" functionality for RBwAPG-5HacD2HnD;
*) leds - added "wireless-status" and "wireless-signal-strength" configuration types for wifiwave2 interfaces;
*) log - improved logging for user actions;
*) lte - fixed 5G data-class reporting for Chateau 5G;
*) lte - fixed APN authentification in multi APN setup for R11e-LTE6;
*) lte - fixed IPv6 prefix for MBIM modems in multi-apn setup when IPv6 APN used as not first APN;
*) lte - fixed RSSI for FG621-EA modem to show the correct value;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) mpls - improved FastPath next-hop selection hash algorithm;
*) netinstall-cli - added empty configuration option "-e";
*) netwatch - decreased "thr-tcp-conn-time" maximum limit to 30 seconds;
*) ovpn - improved system stability;
*) pimsm - improved system stability;
*) qsfp - added 50Gbps rate support for QSFP28 interfaces;
*) qsfp - fixed sub-interface EEPROM monitor data output (introduced in v7.12beta3);
*) qsfp - improved auto link detection for 100G CWDM4 modules and AOC cables (introduced in v7.12beta3);
*) qsfp - use sub-interface configuration for establishing link (for 40Gbps and 100Gbps links, all sub-interfaces must be enabled);
*) routerboard - added "reset-button" support for RB800 and RB1100 devices;
*) ssh - improved connection stability when pasting large chunks of text into console;
*) supout - added interface list members section;
*) switch - improved resource allocation for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) traffic-generator - fixed traffic-generator on CHR and x86;
*) usb - added support for RTL8153 USB ethernet on ARM, ARM64 and x86;
*) vrf - limit maximum VRFs to 1024;
*) vxlan - improved system stability for Tile devices;
*) webfig - fixed "Days" property configuration change under "IP/Firewall" menu;
*) webfig - fixed timezone for interface "Last Link Down/Up Time";
*) webfig - improved Webfig performance and responsiveness;
*) webfig - try to re-establish connection after disconnect;
*) wifiwave2 - added an alternative QoS priority assignment mechanism based on IP DSCP (CLI only);
*) wifiwave2 - added station-bridge interface mode (CLI only);
*) wifiwave2 - do not show default "l2mtu" on compact export;
*) wifiwave2 - fixed PTK renewal for interfaces in station mode;
*) wifiwave2 - fixed sniffer command not receiving any QoS null function frames when using 802.11ax radios;
*) wifiwave2 - fixed untagged VLAN 1 entry when using "vlan-id" setting together with vlan-filtering bridge;
*) wifiwave2 - fixed warning on CAP devices when radar detected;
*) wifiwave2 - implemented an option to transmit IP multicast packets as unicasts (CLI only);
*) wifiwave2 - improved compliance with regulatory requirements;
*) wifiwave2 - make 4-way handshake procedure more robust when acting as supplicant (client);
*) winbox - added "Comment" under "Routing/BFD/Configuration" menu;
*) winbox - added "g" flag under "IPv6/Routes" menu;
*) winbox - added "Name Format" property under "WifiWave2/Provisioning" menu;
*) winbox - changed "MBR Partition Table" checkbox to unchecked by default under "System/Disks/Format-Drive" menu;
*) winbox - fixed "Address" property under "WifiWave2/Remote-CAP" menu;
*) winbox - fixed "Group Key Update" maximum value under "WifiWave2/Security" menu;
*) winbox - fixed entry numbering and ordering under "WifiWave2/Provisioning" menu;
*) winbox - fixed minor typos;
*) wireguard - allow to specify client settings under peer menu which will be included in configuration file and QR code;
*) wireguard - generate Wireguard peer keys and preshared-key automatically, if value is specified but is not base64 string;
*) wireguard - removed "wg-add-client" configuration wizard (introduced in v7.12beta3);
*) wireless - added more "radius-mac-format" options (CLI only);
*) www - fixed allowed address setting for REST API users;
*) www - fixed fragmented POST data for SCEP service;
*) x86 - i40e updated driver to 2.23.17 version;
*) x86 - igc updated driver to 5.10.194 version;
*) x86 - ixgbe updated driver to 5.19.6 version;
*) x86 - Realtek r8169 updated driver;
Other changes since v7.11:
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - fixed typos and missing spaces in log messages;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved multi-argument property parsing into array;
*) console - improved stability and responsiveness;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) interface - added "macvlan" interface support;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Версия 7.12beta3
2023-08-24
What's new in 7.12beta3 (2023-Aug-24 12:15):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.12beta3
2023-08-24
What's new in 7.12beta3 (2023-Aug-24 12:15):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.12beta3
2023-08-24
What's new in 7.12beta3 (2023-Aug-24 12:15):
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Changes in this release:
!) ethernet - changed "advertise" and "speed" arguments, and removed "half-duplex" setting under "/interface ethernet" menu;
!) sfp - convert configuration to support new link modes for SFP and QSFP type of interfaces;
*) bgp - fixed "atomic-aggregate" always set in output;
*) bgp - fixed local and remote port settings for BGP connections;
*) bgp - increase "hold-time" limit to 65000;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) calea - improved system stability when trying to add rules without the CALEA package;
*) console - added "transform" property for ":convert" command;
*) console - fixed scheduler "on-event" script highlighting when editing;
*) console - improved multi-argument property parsing into array;
*) console - improved stability when editing long scripts;
*) console - show full date and time in scheduler "next-run" property;
*) dhcp - fixed DHCP server and relay related response delays;
*) ethernet - added "supported" and "sfp-supported" values for "monitor" command;
*) interface - added "macvlan" interface support;
*) ipsec - fixed IPSec policy when using modp3072;
*) ipv6 - fixed IPv6 RA delay time from 5s to 500ms according to RFC;
*) ipv6 - send RA and RA deprecate messages out three times instead of just once;
*) log - improved logging for user actions;
*) lte - added at-chat support and increased wait time on modem at-chat for Dell DW5821e, DW5821e-eSIM, DW5829e and DW5829e-eSIM;
*) lte - added SINR reporting for FG621-EA modem;
*) lte - fixed Sierra modem detection for modems with vendor-specific USB descriptors;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) netinstall-cli - prioritise interface option over address option;
*) ospf - fixed adding ECMP routes;
*) ospf - fixed OSPFv3 not working with NSSA areas;
*) ospf - fixed parsing of opaque LSAs used by TE;
*) ospf - fixed translated NSSA routes not showing in backbone;
*) port - add support for Huawei MS237h-517;
*) port - expose NMEA/DIAG ports for Dell DW5821e and DW5821e-eSIM;
*) quickset - fixed "LAN" interface list members if configuration does not contain bridge;
*) rip - added BFD support;
*) rip - fixed session not working in VRF;
*) route - fixed gateway after link restart;
*) route - removed deprecated "received-from" property;
*) sfp - improved interface stability for SFP and QSFP types of interfaces;
*) switch - improved switch chip stability for CCR2004-16g-2s+ devices;
*) tile - improved system stability when using queues;
*) traffic-generator - added "priority" property for "inject" command;
*) wifiwave2 - added comment property for registration-table;
*) wifiwave2 - enable changing interface MTU and L2MTU;
*) wifiwave2 - fixed malformed Interworking packet elements;
*) winbox - allow to set multiple addresses and added IPv6 support under "Interface/VETH" menu;
*) wireguard - added "wg-add-client" configuration wizard (CLI only);
*) wireguard - added "wg-export" and "wg-import" functionality (CLI only);
*) wireless - fixed malformed Interworking packet elements;
*) x86 - added support for Mellanox ConnectX-6 Dx NIC;
Other changes since v7.11:
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.12beta1
2023-08-17
What's new in 7.12beta1 (2023-Aug-15 16:14):
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.12beta1
2023-08-17
What's new in 7.12beta1 (2023-Aug-15 16:14):
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.12beta1
2023-08-17
What's new in 7.12beta1 (2023-Aug-15 16:14):
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
*) bgp - fixed typos and missing spaces in log messages;
*) bridge - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to get and maintain Let's Encrypt certificate in IPv6 environment;
*) certificate - fixed "subject-alt-name" duplicating itself when SCEP is used;
*) certificate - improved certificate validation logging error messages;
*) certificate - log CRL HTTP errors under the "error" logging topic;
*) chr - increased OVA default RAM amount from 160MB to 256MB;
*) console - added ":jobname" command;
*) console - added "as-string" and "as-string-value" properties for "get" command;
*) console - added "terminal/ask" command;
*) console - improved ":totime" and ":tonum" commands and added ":tonsec" command for time value manipulation;
*) console - improved stability and responsiveness;
*) console - improved stability when using "special-login";
*) firewall - added "ein-snat" and "ein-dnat" connection NAT state matchers for filter and mangle rules;
*) ike1 - log an error when non-RSA keys are being used;
*) iot - fixed an issue where applying a script to GPIO pin caused GPIO to stop working;
*) iot - fixed behavior where GPIO output state would change on boot;
*) lte - fixed Sierra modem initialization;
*) lte - use more compact logging messages;
*) modbus - added additional security settings for Modbus TCP;
*) mpls - added option to match and set MPLS EXP with bridge and mangle rules;
*) mpls - fixed "propagate-ttl=no" setting;
*) netinstall - added option to discard branding package;
*) ospf - fixed BFD on virtual-link with configured VRF;
*) ovpn - added "tls-auth" option support for imported .ovpn profiles;
*) sfp - fixed missing "rx-power" monitor with certain modules (introduced in v7.10);
*) ssh - added support for user ed25519 public keys;
*) ssh - allow to specify key owner on import;
*) ssh - fixed SSH tunnel performance (introduced in v7.10);
*) supout - added LLDP power to supout.rif;
*) supout - fixed BFD section;
*) system - improved system stability when MD5 checksums are used;
*) tile - improved system stability when using IPv6 queues;
*) wifiwave2 - list APs with a higher maximum data rate as more preferable roaming candidates;
*) winbox - allow to change port numbers for SCTP, DCCP, and UDP-LITE protocols under "IP/Firewall" menus;
Версия 7.11rc4
2023-08-14
What's new in 7.11rc4 (2023-Aug-11 12:57):
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc4
2023-08-14
What's new in 7.11rc4 (2023-Aug-11 12:57):
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc4
2023-08-14
What's new in 7.11rc4 (2023-Aug-11 12:57):
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bth - removed from 7.11 for "stable" release, the development will continue in "beta" 7.12;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc3
2023-08-10
What's new in 7.11rc3 (2023-Aug-09 17:41):
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc3
2023-08-10
What's new in 7.11rc3 (2023-Aug-09 17:41):
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc3
2023-08-10
What's new in 7.11rc3 (2023-Aug-09 17:41):
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - improved CRL download retry handling;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) sms - increased wait time for modem startup;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc2
2023-08-04
What's new in 7.11rc2 (2023-Aug-03 10:50):
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc2
2023-08-04
What's new in 7.11rc2 (2023-Aug-03 10:50):
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc2
2023-08-04
What's new in 7.11rc2 (2023-Aug-03 10:50):
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) console - improved stability when canceling console actions;
*) ike2 - fixed ECP521 DH group usage (introduced in v7.11 beta1);
*) lte - fixed R11e-LTE6 "EARFCN" reporting format (introduced in v7.11rc1);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved VPLS "cisco-id" argument validation;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed IP address in container host file;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc1
2023-07-31
What's new in 7.11rc1 (2023-Jul-28 09:52):
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc1
2023-07-31
What's new in 7.11rc1 (2023-Jul-28 09:52):
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11rc1
2023-07-31
What's new in 7.11rc1 (2023-Jul-28 09:52):
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed dynamic untagged VLAN management (introduced in v7.11beta5);
*) bth - added "Back To Home" VPN service for ARM, ARM64, and TILE devices;
*) container - fixed IP address in container host file;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) ike2 - improved SA rekeying reply process;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta7
2023-07-25
What's new in 7.11beta7 (2023-Jul-24 14:45):
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta7
2023-07-25
What's new in 7.11beta7 (2023-Jul-24 14:45):
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta7
2023-07-25
What's new in 7.11beta7 (2023-Jul-24 14:45):
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) ike2 - log "reply ignored" as non-debug log message;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) ssh - fixed private key import (introduced in v7.9);
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) webfig - fixed gray-out italic font for entries after enable;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - fixed PEM import;
*) certificate - removed request for "passphrase" property on import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta6
2023-07-19
What's new in 7.11beta6 (2023-Jul-18 14:06):
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta6
2023-07-19
What's new in 7.11beta6 (2023-Jul-18 14:06):
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta6
2023-07-19
What's new in 7.11beta6 (2023-Jul-18 14:06):
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bfd - improved system stability;
*) bth - added "Back To Home" VPN service for ARM, ARM64 and TILE devices;
*) certificate - removed request for "passphrase" property on import;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) ssh - fixed host public key export (introduced in v7.9);
*) tftp - improved file name matching;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta5
2023-07-17
What's new in 7.11beta5 (2023-Jul-17 10:07):
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta5
2023-07-17
What's new in 7.11beta5 (2023-Jul-17 10:07):
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta5
2023-07-17
What's new in 7.11beta5 (2023-Jul-17 10:07):
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Changes in this release:
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bth - added "Back To Home" VPN service for 802.11ax devices with wifiwave2 package;
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - improved stability when using fullscreen editor;
*) container - added IPv6 support for VETH interface;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) resource - fixed erroneous CPU usage values;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - fixed multicast frame delivery (introduced in v7.11beta2);
*) wifiwave2 - fixed registration table statistics (introduced in v7.11beta4);
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) container - fixed duplicate image name;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11beta4
2023-07-06
What's new in 7.11beta4 (2023-Jul-05 13:33):
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.11beta4
2023-07-06
What's new in 7.11beta4 (2023-Jul-05 13:33):
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.11beta4
2023-07-06
What's new in 7.11beta4 (2023-Jul-05 13:33):
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Changes in this release:
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) console - fixed incorrect default value of ":return" command (introduced in v7.11beta2);
*) console - improved stability and responsiveness;
*) container - fixed duplicate image name;
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lte - fixed Dell DW5221E "at-chat" support;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) package - treat disabled packages as enabled during upgrade;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) rose-storage - added "scsi-scan" command (CLI only);
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Other changes since v7.10:
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.11beta2
2023-06-22
What's new in 7.11beta2 (2023-Jun-21 14:39):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.11beta2
2023-06-22
What's new in 7.11beta2 (2023-Jun-21 14:39):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.11beta2
2023-06-22
What's new in 7.11beta2 (2023-Jun-21 14:39):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) certificate - fixed PEM import;
*) certificate - restored RSA with SHA512 support;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added option to use overlayfs layers;
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) l3hw - improved system stability during IPv6 route offloading;
*) led - fixed manually configured user LED for RB2011;
*) lora - added new EUI field;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) poe - fixed missing PoE configuration section under specific conditions;
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
Версия 7.10rc6
2023-06-14
What's new in 7.10rc6 (2023-Jun-13 10:52):
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc6
2023-06-14
What's new in 7.10rc6 (2023-Jun-13 10:52):
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc6
2023-06-14
What's new in 7.10rc6 (2023-Jun-13 10:52):
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc5
2023-06-09
What's new in 7.10rc5 (2023-Jun-08 14:48):
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc5
2023-06-09
What's new in 7.10rc5 (2023-Jun-08 14:48):
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc5
2023-06-09
What's new in 7.10rc5 (2023-Jun-08 14:48):
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc4
2023-06-07
What's new in 7.10rc4 (2023-Jun-06 11:34):
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc4
2023-06-07
What's new in 7.10rc4 (2023-Jun-06 11:34):
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc4
2023-06-07
What's new in 7.10rc4 (2023-Jun-06 11:34):
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
*) ike2 - improved system stability when renewing IKE SA (introduced in v7.10rc1);
*) ike2 - fixed authentication process using EC digital signature (introduced in v7.10rc3);
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc3
2023-06-02
What's new in 7.10rc3 (2023-Jun-02 09:43):
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc3
2023-06-02
What's new in 7.10rc3 (2023-Jun-02 09:43):
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc3
2023-06-02
What's new in 7.10rc3 (2023-Jun-02 09:43):
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved system stability when creating supout.rif file (introduced in v7.10beta5);
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) sfp - fixed "combo-mode" copper functionality for CRS312 switch (introduced in v7.10rc1);
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) winbox - added "MPLS/Settings" menu;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc1
2023-05-26
What's new in 7.10rc1 (2023-May-25 16:01):
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc1
2023-05-26
What's new in 7.10rc1 (2023-May-25 16:01):
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10rc1
2023-05-26
What's new in 7.10rc1 (2023-May-25 16:01):
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) route - added BFD (CLI only);
*) console - improved stability when using command completion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved performance of partial offloading;
*) mpls - added FastPath support;
*) system - reduced RAM usage for SMIPS devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
Other changes since v7.9:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta8
2023-05-23
What's new in 7.10beta8 (2023-May-22 18:52):
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta8
2023-05-23
What's new in 7.10beta8 (2023-May-22 18:52):
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta8
2023-05-23
What's new in 7.10beta8 (2023-May-22 18:52):
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Changes in this release:
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD (CLI only);
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - fixed "print without-paging" output in some cases;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sniffer - fixed large .pcap file limit;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) wifiwave2 - do not include in radio hardware capability list a parameter irrelevant to end users (introduced in 7.10beta5);
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
Other changes since v7.9:
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta5
2023-05-10
What's new in 7.10beta5 (2023-May-09 13:38):
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta5
2023-05-10
What's new in 7.10beta5 (2023-May-09 13:38):
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10beta5
2023-05-10
What's new in 7.10beta5 (2023-May-09 13:38):
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - hide past commands with sensitive arguments;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - improved system stability for partial routing table offload;
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) tile - fixed support for microSD card;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - improved system stability;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 6.49rc2
2021-09-29
What's new in 6.49rc2 (2021-Sep-28 10:17):
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49rc2
2021-09-29
What's new in 6.49rc2 (2021-Sep-28 10:17):
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49rc2
2021-09-29
What's new in 6.49rc2 (2021-Sep-28 10:17):
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) sfp - added "sfp-rate-select" setting;
*) supout - added controller bridge section;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - minimal required version is v3.30;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
Other changes since v6.48.4:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49rc1
2021-09-24
What's new in 6.49rc1 (2021-Sep-23 12:32):
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49rc1
2021-09-24
What's new in 6.49rc1 (2021-Sep-23 12:32):
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49rc1
2021-09-24
What's new in 6.49rc1 (2021-Sep-23 12:32):
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) backup - fixed backup file restore (introduced in v6.49beta);
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when learning MDB and FBD entries for CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.49beta44);
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) kid-control - improved IPv6 firewall rule generation;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - fixed "PULL_DATA" token generation;
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) qsfp - improved system stability when setting unsupported link rates;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - log client signal strength on disconnect;
*) wireless - updated "israel" regulatory domain information;
Other changes since v6.48.4:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lora - added channel plan "il-917" for Israel;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta54
2021-07-05
What's new in 6.49beta54 (2021-Jul-05 06:48):
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta54
2021-07-05
What's new in 6.49beta54 (2021-Jul-05 06:48):
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta54
2021-07-05
What's new in 6.49beta54 (2021-Jul-05 06:48):
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed external flag in the host table for wireless clients;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed jumbo frame forwarding for CRS354 devices (introduced in v6.49beta36);
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - fixed default configuration loading on LHG R;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added channel plan "il-917" for Israel;
*) lte - added support for Sharp 809SH;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) sfp - improved 25Gbps optical module stability and linking;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - improved stability for download/upload diagnostics;
*) ups - added battery info for APC Back-UPS BX750MI;
*) w60g - general stability and performance improvements;
*) webfig - added support for logo image from branding package;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
Other changes since v6.48.3:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dns - fixed CNAME query when target record is not in cache;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta46
2021-05-19
What's new in 6.49beta46 (2021-May-18 07:56):
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.49beta46
2021-05-19
What's new in 6.49beta46 (2021-May-18 07:56):
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.49beta46
2021-05-19
What's new in 6.49beta46 (2021-May-18 07:56):
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Changes in this release:
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
*) crs3xx - fixed packet forwarding on 1Gbps Ethernet interfaces for CRS354 devices (introduced in v6.49beta44);
*) dns - fixed CNAME query when target record is not in cache;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.49beta44
2021-05-12
What's new in 6.49beta44 (2021-May-12 07:47):
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta44
2021-05-12
What's new in 6.49beta44 (2021-May-12 07:47):
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta44
2021-05-12
What's new in 6.49beta44 (2021-May-12 07:47):
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - improved system stability on several 802.11ac devices (introduced in v6.49beta36);
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta38
2021-04-23
What's new in 6.49beta38 (2021-Apr-23 10:31):
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta38
2021-04-23
What's new in 6.49beta38 (2021-Apr-23 10:31):
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta38
2021-04-23
What's new in 6.49beta38 (2021-Apr-23 10:31):
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) route - improved stability when connected route is modified;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show value units twice;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta36
2021-04-23
What's new in 6.49beta36 (2021-Apr-23 05:56):
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta36
2021-04-23
What's new in 6.49beta36 (2021-Apr-23 05:56):
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta36
2021-04-23
What's new in 6.49beta36 (2021-Apr-23 05:56):
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) chr - fixed OS provisioning on Azure;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcpv6-server - improved dynamic server entry update;
*) firewall - fixed "ingress-priority" matcher;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed SA address parameter exporting;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) ssh - return proper error code from executed command;
*) w60g - improved stability in low temperature environments;
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
Other changes since v6.48.2:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta27
2021-03-15
What's new in 6.49beta27 (2021-Mar-12 14:22):
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta27
2021-03-15
What's new in 6.49beta27 (2021-Mar-12 14:22):
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta27
2021-03-15
What's new in 6.49beta27 (2021-Mar-12 14:22):
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Changes in this release:
*) bridge - improved system stability when disabling IGMP/MLD querier port (introduced in v6.49beta22);
*) poe - fixed PoE out functionality on CRS354 (introduced in v6.49beta22);
*) ppp - improved stability when receiving bogus response on modem channel;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) upgrade - fixed upgrade procedure on 16MB devices (introduced in v6.49beta22);
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
Other changes since v6.48.1:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed minor typo in configuration description;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49beta22
2021-03-08
What's new in 6.49beta22 (2021-Mar-08 09:07):
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Версия 6.49beta22
2021-03-08
What's new in 6.49beta22 (2021-Mar-08 09:07):
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Версия 6.49beta22
2021-03-08
What's new in 6.49beta22 (2021-Mar-08 09:07):
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Changes in this release:
*) bridge - added IGMP and MLD querier monitoring (CLI only);
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - require "write+ftp" permissions for printing to file;
*) console - updated copyright notice;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - removed overlapping IPv6 firewall rules;
*) dhcp - fixed link state checking for DHCP client;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) netinstall - fixed lock file persistence after reinstall;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb922 - fixed miniPCI-e card detection (introduced in v6.49beta11);
*) supout - fixed "topic" column presence in "Log" section;
*) supout - print detailed list of active user sessions;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - do not show value units twice;
*) webfig - fixed interface sorting by name;
*) webfig - fixed new interface addition;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "united kingdom" regulatory domain information;
Other changes since v6.48.1:
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed SNMP trap agent address;
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
Версия 6.49beta11
2021-02-03
What's new in 6.49beta11 (2021-Feb-3 08:42):
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.49beta11
2021-02-03
What's new in 6.49beta11 (2021-Feb-3 08:42):
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.49beta11
2021-02-03
What's new in 6.49beta11 (2021-Feb-3 08:42):
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) defconf - fixed minor typo in configuration description;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) package - do not include multiple The Dude packages in HDD installer;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) webfig - fixed new interface addition;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.48rc1
2020-12-15
What's new in 6.48rc1 (2020-Dec-11 12:38):
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48rc1
2020-12-15
What's new in 6.48rc1 (2020-Dec-11 12:38):
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48rc1
2020-12-15
What's new in 6.48rc1 (2020-Dec-11 12:38):
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface (CLI only);
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) capsman - fixed authentication when using CAPsMAN forwarding (introduced in v6.48beta48);
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed "tag-stacking" for CRS305, CRS318, CRS326-24G-2S+ and CRS328 devices (introduced in v6.48beta58);
*) crs3xx - fixed bridge "port-extender" for CRS318 devices;
*) crs3xx - fixed ingress rate policer for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.48beta35);
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) ethernet - fixed IP connectivity on SFP/SFP+ interfaces for CCR2004-1G-12S+2XS device (introduced in v6.48beta58);
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) profile - added "lcd" process classificator;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
Other changes since v6.47.8:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bonding - added LACP monitoring;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package version parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta58
2020-11-24
What's new in 6.48beta58 (2020-Nov-24 08:31):
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta58
2020-11-24
What's new in 6.48beta58 (2020-Nov-24 08:31):
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta58
2020-11-24
What's new in 6.48beta58 (2020-Nov-24 08:31):
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Changes in this release:
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) bonding - added LACP monitoring;
*) branding - fixed imported skin presence;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) certificate - fixed CRL URL length limit;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) crs3xx - fixed booting issues on CRS354 devices (introduced in v6.48beta48);
*) crs3xx - fixed bridge port-extender for CRS318 devices;
*) crs3xx - fixed switch-cpu VLAN membership removal (introduced in v6.48beta40);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - improved stability with large table of static records;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - fixed "html-directory" parameter export;
*) ike2 - improved EAP message integrity checking;
*) interface - fixed pwr-line running state (introduced in v6.45);
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - increased "at+cops" reply timeout to 1 minute;
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed directory entry reporting;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added branding package version parameter;
*) upgrade - do not try installing packages if download was not completed;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - increased "group-key-update" maximum value to 1 day;
Other changes since v6.47.7:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed private key verification for CA certificate during signing process;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) m33g - added support for "/system gpio" menu (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta48
2020-10-15
What's new in 6.48beta48 (2020-Oct-14 10:26):
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta48
2020-10-15
What's new in 6.48beta48 (2020-Oct-14 10:26):
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta48
2020-10-15
What's new in 6.48beta48 (2020-Oct-14 10:26):
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Important note!!!
Using this version on CRS354-48G-4S+2Q+RM or CRS354-48P-4S+2Q+RM will cause booting issues and device may need to be reinstalled.
Changes in this release:
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) cap - fixed L2MTU path discovery;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - fixed private key verification for CA certificate during signing process;
*) cloud - improved backup generation process;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed port-isolation for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices (introduced in v6.48beta35);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) discovery - fixed occasional wrong Chassis-ID for LLDP packets (introduced in v6.48beta35);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) fetch - improved SSL handshake processing;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lte - fixed "band" value reporting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) m33g - added support for "/system gpio" menu (CLI only);
*) mpls - fixed duplicate "LabelRelease" message sending;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - fixed RouterOS downgrade procedure;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "no_country_set" regulatory domain information;
Other changes since v6.47.4:
*) arm64 - improved reboot reason reporting in log;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) user-manager - do not allow creating limitation that crosses midnight;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - improved WPS process stability;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48beta40
2020-09-15
What's new in 6.48beta40 (2020-Sep-14 13:34):
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta40
2020-09-15
What's new in 6.48beta40 (2020-Sep-14 13:34):
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta40
2020-09-15
What's new in 6.48beta40 (2020-Sep-14 13:34):
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) arm64 - improved reboot reason reporting in log;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcpv4-server - improved "client-id" value parsing;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) leds - fixed LED type setting;
*) smb - fixed possible memory leak;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) snmp - fixed value types for "dot1qPvid";
*) supout - added bonding interface monitor information;
*) switch - fixed Ethernet padding for small packets;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - improved WPS process stability;
Other changes since v6.47.3:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) ospf - optimized LSA printing for smaller message sizes;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) snmp - fixed value types for "dot1dStp";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-flow - added "sys-init-time" parameter support;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta35
2020-09-02
What's new in 6.48beta35 (2020-Sep-02 07:50):
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta35
2020-09-02
What's new in 6.48beta35 (2020-Sep-02 07:50):
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta35
2020-09-02
What's new in 6.48beta35 (2020-Sep-02 07:50):
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bonding - removed "sys-id" and "sys-priority" from monitor-slaves command;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed multicast table printing;
*) bridge - fixed packet forwarding for CAP and BCP controlled interfaces (introduced in v6.48beta12);
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) bridge - increased multicast table size to 4K entries;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed VLAN tagged packet forwarding on "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices (introduced in v6.48beta12);
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID (CLI only);
*) discovery - allow choosing which discovery protocol is used (CLI only);
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) dns - added IPv6 support for DoH;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - improved management service stability when receiving bogus packets;
*) ike2 - fixed local side NAT detection;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) lte - added support for Alcatel IK41VE1;
*) snmp - fixed value types for "dot1dStp";
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) wireless - allow setting "tx-power" up to 40;
Other changes since v6.47.2:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.48beta27
2020-08-19
What's new in 6.48beta27 (2020-Aug-18 06:20):
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Версия 6.48beta27
2020-08-19
What's new in 6.48beta27 (2020-Aug-18 06:20):
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Версия 6.48beta27
2020-08-19
What's new in 6.48beta27 (2020-Aug-18 06:20):
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Changes in this release:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - allow to exclude interfaces from extended ports (CLI only);
*) bridge - fixed host table update on SNMP query;
*) bridge - show error when switch do not support controlling bridge or port extension (CLI only);
*) bridge - show "H" flag for extended bridge ports;
*) certificate - clear challenge password on renew;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use "static" interface list by default instead of "!dynamic";
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) interface - added new builtin "static" interface list;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - expose "joinEui" un "devEui" values in the log;
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - added "comment" parameter for APN profiles;
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS309, CRS317 devices ("/system routerboard upgrade" required);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) ssh - skip interactive authentication when not running in interactive mode;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) traffic-flow - added NAT event logging support for IPFIX;
*) webfig - fixed default value presence when creating new entries under "IP->Kid Control";
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Other changes since v6.47.1:
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) dhcpv6-server - added ability to generate binding on first request;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - improved long-term filesystem stability and data integrity;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - improved child SA rekeying process;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
Версия 6.48beta12
2020-07-07
What's new in 6.48beta12 (2020-Jul-06 13:33):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.48beta12
2020-07-07
What's new in 6.48beta12 (2020-Jul-06 13:33):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.48beta12
2020-07-07
What's new in 6.48beta12 (2020-Jul-06 13:33):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) bonding - added LACP monitoring (CLI only);
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - improved BPDU guard logging;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) crs3xx - added initial Bridge Port Extender support (CLI only);
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (CLI only);
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) export - fixed HotSpot "address-per-mac" parameter export;
*) export - fixed RouterBOARD USB "type" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) filesystem - improved long-term filesystem stability and data integrity;
*) ftp - fixed possible buffer overflow;
*) ike1 - allow using "my-id" parameter with XAuth;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - improved child SA rekeying process;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - added SHA384 hash algorithm support for phase 1 (CLI only);
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) kidcontrol - allow creating static device entries without assigned user;
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles (CLI only);
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - hide irrelevant switch port parameters;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.47rc2
2020-05-26
What's new in 6.47rc2 (2020-May-25 12:30):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47rc2
2020-05-26
What's new in 6.47rc2 (2020-May-25 12:30):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47rc2
2020-05-26
What's new in 6.47rc2 (2020-May-25 12:30):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - fixed ALB and TLB bonding modes after interface disable/enable (introduced in v6.47beta19);
*) bonding - fixed packet receiving on bonding slave ports (introduced in v6.47beta19);
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) chr - added support for hardware watchdog on ESXI;
*) crs3xx - fixed tagged VLAN packet receiving on Ethernet interfaces for CRS354 devices (introduced in v6.47beta49);
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - place dynamically created IPsec policies at the begining of the table;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - improved general system stability when LCD is not present;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - fixed logging topic for MAC address learning on a different bridge port events;
*) log - made startup script failures log as critical errors;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - improved stability during firmware upgrade;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) poe - fixed missing PoE out settings on CRS354-48P-4S+2Q (introduced in v6.47beta49);
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sfp28 - fixed interface linking after power cycle on CCR2004-1G-12S+2XS (introduced in v6.47beta49);
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) ups - added battery info for APC SmartUPS 2200;
*) webfig - fixed 5GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless sniffer parameter setting;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - updated "egypt" regulatory domain information;
Other changes since v6.46.6:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade process;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta8
2019-12-10
What's new in 6.47beta8 (2019-Dec-10 10:33):
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.47beta8
2019-12-10
What's new in 6.47beta8 (2019-Dec-10 10:33):
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.47beta8
2019-12-10
What's new in 6.47beta8 (2019-Dec-10 10:33):
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Changes in this release:
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) health - improved health reporting on CCR1072-1G-8S+;
*) ipsec - improved system stability when processing decrypted packet on unregistred interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show SIM error when no card is present;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) snmp - improved stability when polling MAC address related OID;
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.47beta60
2020-05-19
What's new in 6.47beta60 (2020-Apr-24 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta60
2020-05-19
What's new in 6.47beta60 (2020-Apr-24 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta60
2020-05-19
What's new in 6.47beta60 (2020-Apr-24 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - improved branding package installation process when another branding package is already installed;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved system stability when creating multiple hardware offloaded bonding interfaces (introduced in v6.47beta49);
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - added support for forwarding DNS queries of static entries to specific server (CLI only);
*) dns - added support for multiple type static entries (CLI only);
*) email - added support for multiple "to" recipients (CLI only);
*) graphing - improved graphing service stability when receiving bogus packets;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - allow specifying two peers for a single policy for failover (CLI only);
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - improved stability during firmware upgrade process;
*) routerboard - added "hold-time" parameter to mode-button menu (CLI only);
*) routerboard - added "reset-button" menu - custom command execution with reset button (CLI only);
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) ssh - improved SSH service stability when receiving bogus packets;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - fixed missing switch statistics (introduced in v6.47beta49);
*) user - improved user management service stability when receiving bogus packets;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - allow to specify any ethernet like interface under "Tool/WoL" menu;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "south africa" regulatory domain information;
Other changes since v6.46.5:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - fixed minor typo in LED warning message;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta54
2020-04-06
What's new in 6.47beta54 (2020-Apr-06 06:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta54
2020-04-06
What's new in 6.47beta54 (2020-Apr-06 06:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta54
2020-04-06
What's new in 6.47beta54 (2020-Apr-06 06:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed multiple LTE interface OID reporting;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta53
2020-05-14
What's new in 6.47beta53 (2020-Apr-03 09:39):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta53
2020-05-14
What's new in 6.47beta53 (2020-Apr-03 09:39):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta53
2020-05-14
What's new in 6.47beta53 (2020-Apr-03 09:39):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) branding - do not ask to confirm configuration applied from branding package;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed QSFP interface linking after removing/inserting QSFP module (introduced in v6.47beta49);
*) dhcpv4-server - disallow zero lease-time setting;
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lte - added support for Huawei K5161 modem;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) snmp - fixed multiple LTE interface OID reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
Other changes since v6.46.4:
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) health - added "gauges" submenu with SNMP OID reporting;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) sniffer - fixed minor typo in "host" menu;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "dot1x" section to supout files;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-generator - improved statistics reporting;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta49
2020-03-20
What's new in 6.47beta49 (2020-Mar-20 07:08):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta49
2020-03-20
What's new in 6.47beta49 (2020-Mar-20 07:08):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta49
2020-03-20
What's new in 6.47beta49 (2020-Mar-20 07:08):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy;
*) branding - fixed identity setting from branding package;
*) branding - properly use HTML files for Hotspot (introduced in v6.47beta);
*) bridge - added warning message when port is dynamically added to entry with VLAN range (CLI only);
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) crs3xx - do not change bridge host ID's when updating host table (introduced in v6.47beta32);
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) filesystem - fixed NAND memory going into read-only mode or becoming unstable over time;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth Identity;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) led - fixed minor typo in LED warning message;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - added support for NEOWAY N720;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - made "mac-address" parameter read-only;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - removed "EARFCN" field from Quick Set;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) supout - added "gps" section to supout files;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - improved driver loading speed on startup;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traffic-generator - improved statistics reporting;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - updated icon design;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "indonesia4" regulatory domain information;
Other changes since v6.46.4:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) crs3xx - improved switch host table updating;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved PoE-out information reporting;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - updated icon design;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta35
2020-02-18
What's new in 6.47beta35 (2020-Feb-17 13:56):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta35
2020-02-18
What's new in 6.47beta35 (2020-Feb-17 13:56):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta35
2020-02-18
What's new in 6.47beta35 (2020-Feb-17 13:56):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ipsec - added "use-responder-dns" parameter support (CLI only);
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) supout - improved PoE-out information reporting;
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) webfig - updated icon design;
*) winbox - updated icon design;
*) wireless - allow using "russia4" regulatory domain on RU locked devices;
Other changes since v6.46.3:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved recently created file survival after reboots;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - do not allow using empty APN Profile names;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - show "phy-cellid" value only in LTE mode;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traceroute - improved stability when invalid packet is received;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Версия 6.47beta32
2020-02-10
What's new in 6.47beta32 (2020-Feb-10 11:45):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Версия 6.47beta32
2020-02-10
What's new in 6.47beta32 (2020-Feb-10 11:45):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Версия 6.47beta32
2020-02-10
What's new in 6.47beta32 (2020-Feb-10 11:45):
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Important note!!!
- The Dude server must be updated to monitor v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed QSFP+ interface linking for CRS326-24S+2Q+ device (introduced in v6.47beta19);
*) crs3xx - improved switch host table updating;
*) defconf - added welcome note with common first steps for new users;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) defconf - fixed "no-defaults=yes" applying default configuration (introduced in v6.47beta);
*) disk - improved recently created file survival after reboots;
*) dns - use only servers received from IKEv2 server when present;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) dude - updated The Dude to use new style authentication method;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) ipsec - added "split-dns" parameter support for mode configuration (CLI only);
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow using empty APN Profile names;
*) lte - show "phy-cellid" value only in LTE mode;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) supout - improved UPS information reporting;
*) telnet - improved telnet compatibility with other client implementations;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and Netflow v9;
*) upgrade - fixed space handling in package file names;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) w60g - improved stability after multiple disconnections;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) www - added "tls-version" parameter in "IP->Services" menu (CLI only);
Other changes since v6.46.3:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) health - added "gauges" submenu with SNMP OID reporting;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) traceroute - improved stability when invalid packet is received;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Версия 6.47beta19
2020-01-13
What's new in 6.47beta19 (2020-Jan-09 08:08):
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
Версия 6.47beta19
2020-01-13
What's new in 6.47beta19 (2020-Jan-09 08:08):
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
Версия 6.47beta19
2020-01-13
What's new in 6.47beta19 (2020-Jan-09 08:08):
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
MAJOR CHANGES IN v6.47:
----------------------
!) socks - added support for SOCKS5 (RFC 1928);
----------------------
Changes in this release:
!) socks - added support for SOCKS5 (RFC 1928);
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) bridge - added logging message when a host MAC address is learned on a different bridge port;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - added "radius-mac-format" parameter (CLI only);
*) health - added "gauges" submenu with SNMP OID reporting;
*) lora - added "ru-864-mid" channel plan;
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lora - improved immediate packet delivery;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - report only valid info parameters on R11e-LTE6;
*) lte - use APN from network when blank APN used on R11e-4G;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) supout - added "dot1x" section to supout files;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "Lora/Traffic";
Other changes since v6.46.1:
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved stability when polling MAC address related OID;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
Версия 6.46rc1
2019-11-27
What's new in 6.46rc1 (2019-Nov-26 13:19):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46rc1
2019-11-27
What's new in 6.46rc1 (2019-Nov-26 13:19):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46rc1
2019-11-27
What's new in 6.46rc1 (2019-Nov-26 13:19):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) ptp - disabled support for IEEE 1588 Precision Clock Synchronization Protocol until further notice;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) certificate - added progress bar when creating certificate request;
*) certificate - allow specifying "name" parameter for import (CLI only);
*) crs3xx - improved system stability when initializing SFP modules;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) ipsec - fixed IPsec policy checking on RB4011 (introduced in v6.46beta68);
*) switch - added "comment" property for switch vlan menu (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) winbox - added enable/disable and comment buttons for "IP->SNMP->Communities" menu;
*) winbox - fixed field validation with negative integers (introduced in v6.46beta);
*) wireless - added "ETSI" regulatory domain information;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta9
2019-07-11
What's new in 6.46beta9 (2019-Jul-11 09:04):
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta9
2019-07-11
What's new in 6.46beta9 (2019-Jul-11 09:04):
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta9
2019-07-11
What's new in 6.46beta9 (2019-Jul-11 09:04):
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ppp - disable DTR send when using at-chat;
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) winbox - properly show timestamp in file "Creation Time" field;
Other changes since v6.45.1:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta68
2019-11-25
What's new in 6.46beta68 (2019-Nov-21 09:13):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta68
2019-11-25
What's new in 6.46beta68 (2019-Nov-21 09:13):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta68
2019-11-25
What's new in 6.46beta68 (2019-Nov-21 09:13):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - store automatically created backup file in "flash" directory;
*) capsman - improved radar detection algorithm;
*) certificate - added progress bar when creating certificate request (CLI only);
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) defconf - fixed default configuration generation on SXT R (introduced in v6.46beta28);
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - added support for D402 modem;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) route - fixed area range summary route installation in VRF;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) telnet - fixed successful connection establishment output in console (introduced in v6.46beta28);
*) timezone - updated time zone database to version 2019c;
*) ups - improved compatibility with APC UPS's;
*) winbox - fixed "CAPs Scanner" stopping;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
Other changes since v6.45.7:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) ccr - improved general system stability;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dhcvp6-client - fixed timeout when doing rebind;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta6
2019-07-04
What's new in 6.46beta6 (2019-Jul-04 11:53):
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta6
2019-07-04
What's new in 6.46beta6 (2019-Jul-04 11:53):
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta6
2019-07-04
What's new in 6.46beta6 (2019-Jul-04 11:53):
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Changes in this release:
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
Версия 6.46beta59
2019-10-25
What's new in 6.46beta59 (2019-Oct-25 07:44):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta59
2019-10-25
What's new in 6.46beta59 (2019-Oct-25 07:44):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta59
2019-10-25
What's new in 6.46beta59 (2019-Oct-25 07:44):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) backup - fixed automatic backup file generation when configuration reset by button;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) ccr - improved general system stability;
*) crs3xx - improved interface initialization;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcvp6-client - fixed timeout when doing rebind;
*) ethernet - do not enable interface after reboot that is already disabled;
*) export - fixed "bootp-support" parameter export;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ipv6 - changed "advertise-dns" default value to "yes";
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) snmp - added "disabled" and "comment" parameters for communities (CLI only);
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) wireless - added "canada2" regulatory domain information;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) led - fixed default LED configuration for RBLHG5nD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) usb - general USB modem stability improvements;
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46beta55
2019-10-15
What's new in 6.46beta55 (2019-Oct-15 06:08):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta55
2019-10-15
What's new in 6.46beta55 (2019-Oct-15 06:08):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta55
2019-10-15
What's new in 6.46beta55 (2019-Oct-15 06:08):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
----------------------
Changes in this release:
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error;
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dude - fixed data retrieval over SNMP (introduced in v6.46beta44);
*) fetch - fixed "dst-path" not allowed to create new directories (introduced in v6.46beta34);
*) hotspot - fixed "html-directory" not allowed to create new directories (introduced in v6.46beta34);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - added support for LM960A18;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) ptp - added support for IEEE 1588 Precision Clock Synchronization Protocol on CRS317-1G-16S+ (CLI only);
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) sniffer - allow filtering by packet size;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) system - fixed branding package installation (introduced in v6.46beta34);
*) system - improved system stability for devices with AR9342;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - fixed firmware update (introduced in v6.46beta34);
*) upgrade - improved auto package updating using "check-for-updates";
*) userman - fixed customer referencing on WEB (introduced in v6.46beta9);
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed channel auto reselection;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) chr - added support for Azure guest agent;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - use "src-address" also for traps;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta44
2019-09-19
What's new in 6.46beta44 (2019-Sep-19 05:54):
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta44
2019-09-19
What's new in 6.46beta44 (2019-Sep-19 05:54):
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta44
2019-09-19
What's new in 6.46beta44 (2019-Sep-19 05:54):
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) capsman - fixed channel auto reselection;
*) chr - added support for Azure guest agent;
*) console - fixed "tobool" conversion;
*) crs305 - fixed sfp-sfpplus2 - sfp-sfpplus4 interface linking (introduced in v6.46beta28);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - improved modem initialization;
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sfp - correctly read EEPROM data from SFP modules (introduced in v6.46beta38);
*) snmp - use "src-address" also for traps;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Other changes since v6.45.6:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) btest - removed duplicate "duration" parameter;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta38
2019-08-29
What's new in 6.46beta38 (2019-Aug-29 07:29):
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta38
2019-08-29
What's new in 6.46beta38 (2019-Aug-29 07:29):
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta38
2019-08-29
What's new in 6.46beta38 (2019-Aug-29 07:29):
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) btest - removed duplicate "duration" parameter;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed IP conversation to "num" data type;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) supout - removed "file" option from "/system sup-output" command;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - fixed RX chain selection;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Other changes since v6.45.5:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) log - increased log message length limit to 1024 characters;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta34
2019-08-22
What's new in 6.46beta34 (2019-Aug-22 06:24):
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta34
2019-08-22
What's new in 6.46beta34 (2019-Aug-22 06:24):
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta34
2019-08-22
What's new in 6.46beta34 (2019-Aug-22 06:24):
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike2 - fixed IPv6 policy generation (introduced in v6.46beta28);
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) log - increased log message length limit to 1024 characters;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) qsfp - show more QSFP module diagnostics;
*) quickset - added "LTE AP Dual" mode support;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) certificate - improved CRL updating process;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - require "policy" permission to print default configuration;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta28
2019-08-09
What's new in 6.46beta28 (2019-Aug-08 07:26):
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta28
2019-08-09
What's new in 6.46beta28 (2019-Aug-08 07:26):
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta28
2019-08-09
What's new in 6.46beta28 (2019-Aug-08 07:26):
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Changes in this release:
*) certificate - improved CRL updating process;
*) defconf - require "policy" permission to print default configuration;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - improved rekeying process with Windows initiators;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) webfig - fixed link to Winbox download;
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed basic rate reporting in snooper;
Other changes since v6.45.3:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) conntrack - properly start manually enabled connection tracking;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - updated "ukraine" regulatory domain information;
Версия 6.46beta16
2019-07-24
What's new in 6.46beta16 (2019-Jul-23 06:44):
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Версия 6.46beta16
2019-07-24
What's new in 6.46beta16 (2019-Jul-23 06:44):
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Версия 6.46beta16
2019-07-24
What's new in 6.46beta16 (2019-Jul-23 06:44):
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Changes in this release:
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) capsman - improved DFS channel switching when radar detected;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - remove previously set mirror-source property before changing it;
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) ipsec - added "error" topic for identity check failure logging messages;
*) lte - fixed USB network device driver initialization (introduced in v6.46beta9);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - fix port isolation for non-CRS series switch chips;
*) tr069-client - added multiple LTE monitoring parameters;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
*) wireless - updated "ukraine" regulatory domain information;
Other changes since v6.45.2:
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) conntrack - properly start manually enabled connection tracking;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) fetch - improved stability when processing large output data;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - show "primary-band" only for LTE modems;
*) ppp - disable DTR send when using at-chat;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) winbox - properly show timestamp in file "Creation Time" field;
Версия 6.45beta62
2019-06-14
What's new in 6.45beta62 (2019-Jun-13 10:13):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45beta62
2019-06-14
What's new in 6.45beta62 (2019-Jun-13 10:13):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45beta62
2019-06-14
What's new in 6.45beta62 (2019-Jun-13 10:13):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) crs3xx - fixed "tx-drop" counter;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added passthrough interface subnet selection;
*) lte - fixed LTE interface running state on RBSXTLTE3-7 (introduced in v6.45beta);
*) m33g - added support for additional Serial Console port on GPIO headers;
*) routerboard - renamed 'sim' menu to 'modem';
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - improved reliability on SNMP service packet validation;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45beta6
2019-03-05
What's new in 6.45beta6 (2019-Mar-05 08:51):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta6
2019-03-05
What's new in 6.45beta6 (2019-Mar-05 08:51):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta6
2019-03-05
What's new in 6.45beta6 (2019-Mar-05 08:51):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta54
2019-05-28
What's new in 6.45beta54 (2019-May-24 07:51):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta54
2019-05-28
What's new in 6.45beta54 (2019-May-24 07:51):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta54
2019-05-28
What's new in 6.45beta54 (2019-May-24 07:51):
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Important note!!!
Downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
!) user - removed insecure password storage;
----------------------
Changes in this release:
!) user - removed insecure password storage;
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) crs317 - fixed known multicast flooding to the CPU;
*) ike1 - general stability improvements (introduced in v6.45beta);
*) ike2 - added support for IKE rekeying for initiator;
*) ike2 - improved child SA rekeying process;
*) lte - added initial support for Vodafone R216-Z;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta50
2019-05-21
What's new in 6.45beta50 (2019-May-20 09:30):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta50
2019-05-21
What's new in 6.45beta50 (2019-May-20 09:30):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta50
2019-05-21
What's new in 6.45beta50 (2019-May-20 09:30):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) bridge - fixed port running state for non-ethernet interfaces (introduced in v6.45beta33);
*) ccr - improved packet processing after overloading interface;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - changed default configuration type to AP for cAP series devices;
*) dhcpv6-client - added option to disable rapid-commit (CLI only);
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) ike2 - fixed pre-shared-key authentication failure (introduced in v6.45beta34);
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipv6 - improved system stability when receiving bogus packets;
*) lte - improved firmware upgrade process;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added "pwr-line" section to supout file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - significant stability and performance improvements;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta45
2019-05-13
What's new in 6.45beta45 (2019-May-13 09:22):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta45
2019-05-13
What's new in 6.45beta45 (2019-May-13 09:22):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta45
2019-05-13
What's new in 6.45beta45 (2019-May-13 09:22):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
----------------------
Changes in this release:
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator (CLI only);
*) conntrack - significant stability and performance improvements;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) wireless - improved installation mode selection for wireless outdoor equipment;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) capsman - fixed interface-list usage in access list;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta42
2019-05-09
What's new in 6.45beta42 (2019-May-08 12:44):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta42
2019-05-09
What's new in 6.45beta42 (2019-May-08 12:44):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta42
2019-05-09
What's new in 6.45beta42 (2019-May-08 12:44):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) capsman - fixed interface-list usage in access list;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta31);
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - show neighbors on actual mesh ports;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) w60g - do not show unused "dmg" parameter;
*) w60g - show running frequency under "monitor" command;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
Other changes since v6.44.3:
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta37
2019-04-26
What's new in 6.45beta37 (2019-Apr-25 12:20):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta37
2019-04-26
What's new in 6.45beta37 (2019-Apr-25 12:20):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta37
2019-04-26
What's new in 6.45beta37 (2019-Apr-25 12:20):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap) as initiator (CLI only);
*) bridge - correctly add interface list as bridge port (introduced in v6.45beta34);
*) crs3xx - correctly handle switch reset (introduced in v6.45beta34);
*) ike2 - fixed first child SA generation (introduced in v6.45beta34);
*) ipsec - general improvements in policy handling;
*) lte - allow setting empty APN;
*) supout - added IPv6 ND section to supout file;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
Other changes since v6.44.3:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) e-mail - include "message-id" identification field in e-mail header;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta34
2019-04-18
What's new in 6.45beta34 (2019-Apr-18 08:59):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta34
2019-04-18
What's new in 6.45beta34 (2019-Apr-18 08:59):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta34
2019-04-18
What's new in 6.45beta34 (2019-Apr-18 08:59):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) e-mail - include "message-id" identification field in e-mail header;
*) ike1 - fixed rekeying process when NAT is detected (introduced in v6.45beta16);
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) supout - changed IPv6 pool section to output detailed print;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) winbox - fixed crash when opening CAPsMAN menu (introduced in v6.45beta27);
*) wireless - fixed "country-info" printing (introduced in v6.45beta27);
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved wireless country settings for EU countries;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta31
2019-04-12
What's new in 6.45beta31 (2019-Apr-12 10:29):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta31
2019-04-12
What's new in 6.45beta31 (2019-Apr-12 10:29):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta31
2019-04-12
What's new in 6.45beta31 (2019-Apr-12 10:29):
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
----------------------
Changes in this release:
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control (CLI only);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter (CLI only);
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters (CLI only);
*) dhcpv6-server - added "route-distance" parameter (CLI only);
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) fetch - added SFTP support;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods (CLI only);
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - general improvements in policy handling;
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - adjusted IPv6 route cache max size;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool";
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) wireless - improved wireless country settings for EU countries;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - fixed possible configuration corruption after import;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta27
2019-04-04
What's new in 6.45beta27 (2019-Apr-03 13:53):
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta27
2019-04-04
What's new in 6.45beta27 (2019-Apr-03 13:53):
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta27
2019-04-04
What's new in 6.45beta27 (2019-Apr-03 13:53):
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - improved neighbour's MAC address detection;
*) fetch - added SFTP support;
*) ipsec - fixed possible configuration corruption after import;
*) ipv6 - improved IPv6 neighbor table updating process;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed multiline non-interactive command execution;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
Other changes since v6.44.2:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta23
2019-04-01
What's new in 6.45beta23 (2019-Apr-01 05:51):
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta23
2019-04-01
What's new in 6.45beta23 (2019-Apr-01 05:51):
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta23
2019-04-01
What's new in 6.45beta23 (2019-Apr-01 05:51):
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
MAJOR CHANGES IN v6.45:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipsec - properly drop already established tunnel when address change detected;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) smb - fixed possible buffer overflow;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added "key-type" field (CLI only);
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - use correct user when "output-to-file" parameter is used;
*) supout - added "kid-control devices" section to supout file;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta22
2019-03-29
What's new in 6.45beta22 (2019-Mar-29 08:37):
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta22
2019-03-29
What's new in 6.45beta22 (2019-Mar-29 08:37):
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta22
2019-03-29
What's new in 6.45beta22 (2019-Mar-29 08:37):
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
*) certificate - added "key-type" field (CLI only);
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) dhcpv6-server - added "address-list" support for bindings (CLI only);
*) export - fixed SMS "allowed-number" compact export (introduced in v6.45beta);
*) fetch - added SFTP support;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added support for RADIUS accounting;
*) ipsec - fixed policies becoming invalid after changing priority;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) ssh - fixed multiline non-interactive command execution;
*) ssh - improved session rekeying process on exchanged data size threshold;
*) supout - added "kid-control devices" section to supout file;
*) userman - updated authorize.net gateway DNS name;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - adjusted debug packet logging topics;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed freshly created identity not taken in action;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta20
2019-03-26
What's new in 6.45beta20 (2019-Mar-25 10:07):
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta20
2019-03-26
What's new in 6.45beta20 (2019-Mar-25 10:07):
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta20
2019-03-26
What's new in 6.45beta20 (2019-Mar-25 10:07):
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - made RAM the default CRL storage location;
*) ike1 - adjusted debug packet logging topics;
*) ipsec - fixed freshly created identity not taken in action;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) sms - fixed long message parsing (introduced in v6.45beta19);
*) wireless - fixed 5GHz interface disappearing after upgrade (introduced in v6.45beta19);
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - do not generate host key on configuration export;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta19
2019-03-22
What's new in 6.45beta19 (2019-Mar-22 07:30):
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta19
2019-03-22
What's new in 6.45beta19 (2019-Mar-22 07:30):
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta19
2019-03-22
What's new in 6.45beta19 (2019-Mar-22 07:30):
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1) (CLI only);
*) certificate - removed DSA (D) flag;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) smb - fixed possible buffer overflow;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) ssh - do not generate host key on configuration export;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) switch - properly reapply settings after switch chip reset;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta16
2019-03-18
What's new in 6.45beta16 (2019-Mar-18 07:49):
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta16
2019-03-18
What's new in 6.45beta16 (2019-Mar-18 07:49):
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta16
2019-03-18
What's new in 6.45beta16 (2019-Mar-18 07:49):
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) dhcpv4-server - improved stability when performing "check-status" command;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity (CLI only);
*) ipsec - added "ph2-total" counter to "active-peers" menu (CLI only);
*) ipsec - added support for RADIUS accounting;
*) ipsec - added traffic statistics to "active-peers" menu (CLI only);
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - renamed "remote-peers" to "active-peers" (CLI only);
*) lte - use default APN name "internet" when not provided;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) switch - properly reapply settings after switch chip reset;
Other changes since v6.44.1:
*) bridge - fixed log message when hardware offloading is being enabled;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta11
2019-03-11
What's new in 6.45beta11 (2019-Mar-08 13:24):
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta11
2019-03-11
What's new in 6.45beta11 (2019-Mar-08 13:24):
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.45beta11
2019-03-11
What's new in 6.45beta11 (2019-Mar-08 13:24):
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Changes in this release:
*) bridge - fixed log message when hardware offloading is being enabled;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv6-server - added RADIUS accounting support;
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) lte - improved "info" command query;
*) rb4011 - fixed SFP linking (introduced in v6.45beta6);
*) sms - allow specifying multiple "allowed-number" values;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Other changes since v6.44:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - added support for ECC (Elliptic Curve Cryptography);
*) certificate - force 3DES encryption for P12 certificate export;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) fetch - improved user policy lookup;
*) gps - increase precision for dd format;
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - do not show error message for info commands that are not supported;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use secondary DNS for DNS server configuration;
*) ppp - added initial support for Quectel BG96;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) ssh - use correct user when "output-to-file" parameter is used;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) tile - improved link fault detection on SFP+ ports;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menus;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - updated "india" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
Версия 6.44rc4
2019-02-22
What's new in 6.44rc4 (2019-Feb-22 10:11):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44rc4
2019-02-22
What's new in 6.44rc4 (2019-Feb-22 10:11):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44rc4
2019-02-22
What's new in 6.44rc4 (2019-Feb-22 10:11):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) winbox - organized wireless parameters between simple and advanced modes;
*) wireless - improved NV2 performance for all ARM devices;
Other changes since v6.43.12:
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44rc1
2019-02-15
What's new in 6.44rc1 (2019-Feb-15 07:12):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44rc1
2019-02-15
What's new in 6.44rc1 (2019-Feb-15 07:12):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44rc1
2019-02-15
What's new in 6.44rc1 (2019-Feb-15 07:12):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) dhcpv4-server - use ARP for conflict detection;
*) discovery - use source MAC address from master interface for MNDP packets (introduced in v6.44beta50);
*) fetch - improved file downloading to slow memory;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - fixed memory leak;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) lte - added initial support for Telit LN940;
*) lte - added option to lock the LTE operator;
*) smb - added commenting option for SMB users (CLI only);
*) supout - fixed Profile output on single core devices;
*) userman - added first and last name fields for signup form;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
Other changes since v6.43.12:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added multiple APN support for R11e-4G;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44beta9
2018-09-18
What's new in 6.44beta9 (2018-Sep-17 07:20):
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta9
2018-09-18
What's new in 6.44beta9 (2018-Sep-17 07:20):
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta9
2018-09-18
What's new in 6.44beta9 (2018-Sep-17 07:20):
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
MAJOR CHANGES IN v6.44:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) webfig - allow to change user name when creating a new system user;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43:
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta75
2019-02-11
What's new in 6.44beta75 (2019-Feb-08 08:02):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta75
2019-02-11
What's new in 6.44beta75 (2019-Feb-08 08:02):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta75
2019-02-11
What's new in 6.44beta75 (2019-Feb-08 08:02):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.44beta61);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) certificate - show digest algorithm used in signature;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - fixed SFP+ linking using 1.25G SFP modules (introduced in v6.44beta39);
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) hotspot - added "https-redirect" under server profiles;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - require write policy for key generation;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - added multiple APN support for R11e-4G;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - improved SIM7600 initialization after reset;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) sfp - fixed possible reboot loop when inserting SFP modules in CRS328-4C-20S-4S+ (introduced in v6.44beta61);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed possible buffer overflow;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) snmp - fixed "rsrq" reported precision;
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) switch - added comment field to switch ACL rules;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) w60g - fixed disconnection issues in PtMP setups;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved system stability when scanning for other networks;
*) wireless - show "installation" parameter when printing configuration;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) supout - fixed "poe-out" output not showing all interfaces;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta61
2019-01-18
What's new in 6.44beta61 (2019-Jan-17 13:24):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta61
2019-01-18
What's new in 6.44beta61 (2019-Jan-17 13:24):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta61
2019-01-18
What's new in 6.44beta61 (2019-Jan-17 13:24):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) console - updated copyright notice;
*) crs3xx - fixed slow bootup, upgrade and SFP status read (introduced in v6.44beta20);
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) ike1 - fixed "rsa-key" authentication (introduced in v6.44beta);
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - moved "profile" menu outside "peer" menu;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lte - fixed DHCP IP acquire in 3G mode for r11e-lte (introduced in v6.44beta54);
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) profile - removed obsolete "file-name" parameter;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - increased reported "rsrq" precision;
*) vrrp - made "password" parameter sensitive;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info " command;
Версия 6.44beta6
2018-09-11
What's new in 6.44beta6 (2018-Sep-11 08:52):
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta6
2018-09-11
What's new in 6.44beta6 (2018-Sep-11 08:52):
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta6
2018-09-11
What's new in 6.44beta6 (2018-Sep-11 08:52):
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - log only failed pool additions;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed ACL rules on IPQ4018 devices;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.44beta54
2019-01-07
What's new in 6.44beta54 (2019-Jan-07 08:27):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta54
2019-01-07
What's new in 6.44beta54 (2019-Jan-07 08:27):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta54
2019-01-07
What's new in 6.44beta54 (2019-Jan-07 08:27):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - fixed "rsrq" reported precision;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info <country>" command;
Other changes since v6.43.8:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SimCom 7100e support;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed public key format compatibility with RFC4716;
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - fixed missing w60g interface status values;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta50
2018-12-18
What's new in 6.44beta50 (2018-Dec-17 13:01):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta50
2018-12-18
What's new in 6.44beta50 (2018-Dec-17 13:01):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta50
2018-12-18
What's new in 6.44beta50 (2018-Dec-17 13:01):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
!) telnet - do not allow to set "tracefile" parameter;
*) bgp - properly update keepalive time after peer restart;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) cloud - added "ddns-update-interval" parameter;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - properly remove system note after configuration reset;
*) crs3xx - improved fan control stability;
*) crs3xx - improved stability when adding ACL rules on CRS326 and CRS328 devices (introduced in 6.44beta39);
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) lte - added "ecno" field for "info" command;
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed passthrough functionality when interface is removed;
*) lte - improved SimCom 7100e support;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) ppp - added "at-chat" command;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) ssh - fixed public key format compatibility with RFC4716;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) traceroute - improved stability when sending large ping amounts;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) user - require "write" permissions for LTE firmware update;
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP server" menu;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - fixed missing w60g interface status values;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) wireless - improvements in wireless frequency selection;
*) wireless - improved system stability for all ARM devices with wireless;
Other changes since v6.43.7:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta40
2018-11-28
What's new in 6.44beta40 (2018-Nov-28 12:46):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta40
2018-11-28
What's new in 6.44beta40 (2018-Nov-28 12:46):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta40
2018-11-28
What's new in 6.44beta40 (2018-Nov-28 12:46):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) crs317 - fixed TX not working on sfp-sfpplus9 interface (introduced in v6.40beta12);
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu (CLI only);
Other changes since v6.43.4:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) gps - added "coordinate-format" parameter (CLI only);
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) log - properly handle long echo messages;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - added support for more ZTE MF90 modems;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) profiler - classify kernel crypto processing as "encrypting";
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) timezone - updated timezone information from tzdata2018g release;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) userman - show redirect location in error messages;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
Версия 6.44beta39
2018-11-27
What's new in 6.44beta39 (2018-Nov-27 12:14):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Версия 6.44beta39
2018-11-27
What's new in 6.44beta39 (2018-Nov-27 12:14):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Версия 6.44beta39
2018-11-27
What's new in 6.44beta39 (2018-Nov-27 12:14):
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Important note!!! Backup before upgrade!
Due to major IPsec configuration changes in RouterOS v6.44beta39+ (see changelog below), it is advised to make a backup before upgrading. Regular downgrade will still be possible as long as no changes in IPsec peer menu are done.
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) radius - initial implementation of RadSec (Radius communication over TLS);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
*) btest - added multithreading support for both UDP and TCP tests;
*) bridge - properly disable dynamic CAP interfaces;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - properly flush old CRLs when changing store location;
*) certificate - added support for multiple "Subject Alt. Names" (CLI only);
*) chr - correctly initialize grant table version 1;
*) cloud - added "ddns-update-interval" parameter (CLI only);
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter) (CLI only);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) gps - added "coordinate-format" parameter (CLI only);
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - added new "remote-id" peer matcher (CLI only);
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) kidcontrol - properly detect time zone changes;
*) log - properly handle long echo messages;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added support for more ZTE MF90 modems;
*) lte - improved compatibility for Alt38xx modems;
*) lte - increased reported "rsrq" precision (CLI only);
*) profiler - classify kernel crypto processing as "encrypting";
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) userman - show redirect location in error messages;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - report last seen IP address in RADIUS accounting messages;
Other changes since v6.43:
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) certificate - fixed time zone adjustment for SCEP requests;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
Версия 6.44beta28
2018-10-29
What's new in 6.44beta28 (2018-Oct-29 07:58):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta28
2018-10-29
What's new in 6.44beta28 (2018-Oct-29 07:58):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta28
2018-10-29
What's new in 6.44beta28 (2018-Oct-29 07:58):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
!) radius - initial implementation of RadSec (Radius communication over TLS);
*) bridge - added option to monitor fast-forward status;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed configuration not generating properly on upgrade;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) fetch - fixed fetching with "as-value" creating an empty file (introduced in v6.44beta20);
*) fetch - fixed "without-paging" option;
*) health - fixed bad voltage readings on RB493G;
*) ike2 - added option to specify certificate chain;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - properly update warnings under peer menu;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) ospf - improved stability while handling type-5 LSAs;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rbm33g - improved stability when used with some USB devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) routerboard - show "boot-os" and "force-backup-booter" option only on devices that have such feature;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) ssh - added error log message when key exchange fails;
*) ssh - fixed non-interactive shell not returning all output (introduced in v6.44);
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) upgrade - made security package depend on DHCP package;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - renamed "frequency-list" to "scan-list";
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - added align mode "/interface w60g align" (CLI only);
Other changes since v6.43:
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta20
2018-10-10
What's new in 6.44beta20 (2018-Oct-09 09:29):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta20
2018-10-10
What's new in 6.44beta20 (2018-Oct-09 09:29):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta20
2018-10-10
What's new in 6.44beta20 (2018-Oct-09 09:29):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) crs328 - fixed SFP+ interface linking on CRS328-24P-4S+RM (introduced in v6.44beta17);
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour (CLI only);
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved stability for 802.11ac;
Версия 6.44beta17
2018-10-05
What's new in 6.44beta17 (2018-Oct-04 09:42):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
Версия 6.44beta17
2018-10-05
What's new in 6.44beta17 (2018-Oct-04 09:42):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
Версия 6.44beta17
2018-10-05
What's new in 6.44beta17 (2018-Oct-04 09:42):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
Other changes since v6.43:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) ntp - fixed possible NTP server stuck in "started" state;
*) proxy - removed port list size limit;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) switch - fixed ACL rules on IPQ4018 devices;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) wireless - improved stability for 802.11ac;
Версия 6.44beta14
2018-10-02
What's new in 6.44beta14 (2018-Oct-01 12:01):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
Версия 6.44beta14
2018-10-02
What's new in 6.44beta14 (2018-Oct-01 12:01):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
Версия 6.44beta14
2018-10-02
What's new in 6.44beta14 (2018-Oct-01 12:01):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) cloud - improved DDNS service disabling;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters (CLI only);
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added support for JioFi JMR1040 modem;
*) ntp - fixed possible NTP server stuck in "started" state;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) snmp - fixed w60g station table;
*) snmp - report bridge ifSpeed as "0";
*) ssh - fixed single command execution (introduced in v6.44beta9);
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added interface stats;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
*) wireless - improved stability for 802.11ac;
Other changes since v6.43:
*) bridge - improved packet handling when hardware offloading is being disabled;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) discovery - properly use Sytem ID for "software-id" value on CHR;
*) e-mail - added info log message when e-mail is sent successfully;
*) ethernet - fixed IPv6 packet forwarding on IPQ4018 devices;
*) ike2 - added option to specify certificate chain;
*) ike2 - fixed local address lookup when initiating new connection;
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) proxy - removed port list size limit;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) switch - fixed ACL rules on IPQ4018 devices;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
Версия 6.43rc7
2018-05-08
What's new in 6.43rc7 (2018-May-08 06:08):
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc7
2018-05-08
What's new in 6.43rc7 (2018-May-08 06:08):
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc7
2018-05-08
What's new in 6.43rc7 (2018-May-08 06:08):
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) capsman - allow to change "radio-name" (CLI only);
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) kidcontrol - allow to edit discovered devices;
*) lte - do not allow to send "at-chat" commands for configless modems;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc66
2018-08-30
What's new in 6.43rc66 (2018-Aug-28 13:36):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc66
2018-08-30
What's new in 6.43rc66 (2018-Aug-28 13:36):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc66
2018-08-30
What's new in 6.43rc66 (2018-Aug-28 13:36):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Snooping;
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) certificate - fixed RA "server-url" setting;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) lte - fixed LTE registration in 2G/3G mode;
*) ppp - added support for Telit LM940 modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - fixed interface speed reporting for predefined rates;
*) supout - added "files" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) webfig - fixed www service becoming unresponsive;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - require "sniff" policy for wireless sniffer;
Other changes since v6.42.7:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc64
2018-08-24
What's new in 6.43rc64 (2018-Aug-23 08:02):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc64
2018-08-24
What's new in 6.43rc64 (2018-Aug-23 08:02):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc64
2018-08-24
What's new in 6.43rc64 (2018-Aug-23 08:02):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added support for DHCP Option 82 (CLI only);
*) bridge - added support for DHCP Snooping (CLI only);
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) cloud - close local UDP port if no activity;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - fixed packet forwarding when "frame-type" is changed (introduced in v6.43rc51);
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) dhcpv6-client - fixed false invalid flag (introduced in v6.43rc56);
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) health - added missing parameters from export;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) lte - added "sector-id" to info command;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) ppp - added support for Alfa Network U4G modem;
*) rb3011 - added IPsec hardware acceleration support;
*) snmp - added EAP identity to CAPsMAN registration table;
*) supout - added monitored bridge VLAN table to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chips;
*) tr069-client - use SNI extension for HTTPS;
*) ups - improved UPS serial parsing stability;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - updated "czech republic" regulatory domain information;
Other changes since v6.42.7:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc6
2018-05-03
What's new in 6.43rc6 (2018-May-02 12:28):
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc6
2018-05-03
What's new in 6.43rc6 (2018-May-02 12:28):
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc6
2018-05-03
What's new in 6.43rc6 (2018-May-02 12:28):
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) quickset - fixed dual radio mode detection process;
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc56
2018-08-14
What's new in 6.43rc56 (2018-Aug-13 11:13):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc56
2018-08-14
What's new in 6.43rc56 (2018-Aug-13 11:13):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc56
2018-08-14
What's new in 6.43rc56 (2018-Aug-13 11:13):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
*) bridge - added support for BPDU Guard (CLI only);
*) bridge - added support for DHCP Option 82 (disables hardware offloading, CLI only);
*) bridge - added support for DHCP Snooping (disables hardware offloading, CLI only);
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - improved packet handling;
*) cloud - added simultaneous IPv4/IPv6 support;
*) console - added "dont-require-permissions" parameter for scripts;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - fixed possible link flaps after disabling/enabling the interface (introduced in v6.43rc51);
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) hotspot - fixed customized HTML file usage (introduced in 6.43rc47);
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ippool - improved used address error message;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ppp - fixed interface enabling after a while if none of them where active;
*) ppp - improved modem mode switching;
*) snmp - added "temp-exception" trap;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute (CLI only);
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) ups - improved UPS serial parsing stability;
*) w60g - general stability and performance improvements;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "default-route-distance" parameter for "IPv6/DHCP-client" menu;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2 (CLI only);
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - updated "united-states" regulatory domain information;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc51
2018-08-02
What's new in 6.43rc51 (2018-Aug-01 09:43):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc51
2018-08-02
What's new in 6.43rc51 (2018-Aug-01 09:43):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc51
2018-08-02
What's new in 6.43rc51 (2018-Aug-01 09:43):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - improved bridge port state changing process;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) certificate - do not allow to perform "undo" on certificate changes;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) ethernet - fixed default ethernet advertise values after configuration reset (introduced in v6.43rc33)
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - fixed "static-dns" value storing (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added additional D-Link PIDs;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ospf - improved link-local LSA flooding;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) tile - added DES and 3DES hardware acceleration support;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - properly display all flags for bridge host entries;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc5
2018-04-26
What's new in 6.43rc5 (2018-Apr-25 12:11):
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Версия 6.43rc5
2018-04-26
What's new in 6.43rc5 (2018-Apr-25 12:11):
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Версия 6.43rc5
2018-04-26
What's new in 6.43rc5 (2018-Apr-25 12:11):
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - allow to execute concurrent internal AT commands;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Версия 6.43rc45
2018-07-23
What's new in 6.43rc45 (2018-Jul-17 08:30):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc45
2018-07-23
What's new in 6.43rc45 (2018-Jul-17 08:30):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc45
2018-07-23
What's new in 6.43rc45 (2018-Jul-17 08:30):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) ethernet - improved stability when changing ethernet interface L2MTU on CRS328-24P-4S+ (introduced in v6.43rc11);
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) lte - added additional ID support for SIM7600 modem;
*) sfp - fixed default advertised link speeds;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.6:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - temporary disabled distance measurement feature;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc44
2018-07-12
What's new in 6.43rc44 (2018-Jul-11 07:45):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc44
2018-07-12
What's new in 6.43rc44 (2018-Jul-11 07:45):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc44
2018-07-12
What's new in 6.43rc44 (2018-Jul-11 07:45):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - fixed tagged packet forwarding in 802.1ad aware bridges (introduced in 6.43rc13);
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) lte - added support for alternative SIM7600 PID;
*) sms - improved reliability on SMS reader;
*) w60g - temporary disabled distance measurement feature;
Other changes since v6.42.6:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - improved speed of health measurement readings;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc42
2018-07-05
What's new in 6.43rc42 (2018-Jul-04 15:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc42
2018-07-05
What's new in 6.43rc42 (2018-Jul-04 15:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc42
2018-07-05
What's new in 6.43rc42 (2018-Jul-04 15:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
*) check-installation - improved system integrity checking;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - improved balooning process;
*) chr - reduced RAM memory required per interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) health - improved speed of health measurement readings;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) snmp - fixed w60g "phy-rate" readings;
*) w60g - general stability and performance improvements;
*) winbox - added 64,6 GHz frequency to w60g interface frequency settings;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - properly handle packets when bridge port changes states
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs317 - properly report link state when one side has disabled interface;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added CAPsMAN "remote-cap" table;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "ip-cloud" section to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc40
2018-07-03
What's new in 6.43rc40 (2018-Jul-02 12:57):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc40
2018-07-03
What's new in 6.43rc40 (2018-Jul-02 12:57):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc40
2018-07-03
What's new in 6.43rc40 (2018-Jul-02 12:57):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added support for licensed CHR instances (including trial);
*) bridge - properly handle packets when bridge port changes states
*) crs317 - properly report link state when one side has disabled interface;
*) ethernet - properly handle Ethernet interface default configuration;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) snmp - added CAPsMAN "remote-cap" table;
*) supout - added "ip-cloud" section to supout file;
*) usb - fixed modem initialisation on LtAP mini;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) w60g - do not reset interface after adding comment;
*) watchdog - added "ping-timeout" setting;
*) winbox - show "sector-writes" on devices that have such counters;
*) winbox - show "Switch" menu on hAP ac^2 devices;
Other changes since v6.42.5:
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - do not show spare parameters on ping command;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) supout - added "w60g" section to supout file;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc4
2018-04-23
What's new in 6.43rc4 (2018-Apr-23 10:59):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc4
2018-04-23
What's new in 6.43rc4 (2018-Apr-23 10:59):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc4
2018-04-23
What's new in 6.43rc4 (2018-Apr-23 10:59):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
Other changes since v6.42:
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc34
2018-06-25
What's new in 6.43rc34 (2018-Jun-21 09:03):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc34
2018-06-25
What's new in 6.43rc34 (2018-Jun-21 09:03):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc34
2018-06-25
What's new in 6.43rc34 (2018-Jun-21 09:03):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release
!) cloud - added IPv6 support;
*) console - do not show spare parameters on ping command;
*) crs317 - properly report link state when one link interface is disabled;
*) crs326/crs328 - fixed broken "new-dst-port" ACL rules (introduced in 6.43rc10);
*) crs3xx - fixed flow control;
*) crs3xx - fixed LACP member failover;
*) dhcpv4-client - fixed double ACK packet handling;
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) led - fixed LED default configuration for LtAP mini;
*) lte - added eNB ID to info command;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) supout - added "w60g" section to supout file;
*) watchdog - added "ping-timeout" setting (CLI only);
*) winbox - show "sector-writes" on ARM routers that has such counters;
*) winbox - show "System/Health" only on boards that have health monitoring;
Other changes since v6.42.4:
*) api - properly classify API sessions in log;
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - improved maximum link distance;
*) w60g - properly report center status under "tx-sector-info";
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43rc32
2018-06-19
What's new in 6.43rc32 (2018-Jun-19 07:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc32
2018-06-19
What's new in 6.43rc32 (2018-Jun-19 07:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc32
2018-06-19
What's new in 6.43rc32 (2018-Jun-19 07:07):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
----------------------
Changes in this release
!) winbox - minimal required version is v3.15;
*) api - properly classify API sessions in log;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) chr - enabled promiscious mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) export - do not show w60g password on "hide-sensitive" type of export;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) lte - show UICC in correct format for SXT LTE devices;
*) romon - properly classify RoMON sessions in log and active users list;
*) w60g - improved maximal achievable distance;
*) w60g - properly report center status under "tx-sector-info";
Other changes since v6.42.4:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) smb - fixed valid request handling when additional options are used;
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc3
2018-04-20
What's new in 6.43rc3 (2018-Apr-20 08:46):
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc3
2018-04-20
What's new in 6.43rc3 (2018-Apr-20 08:46):
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc3
2018-04-20
What's new in 6.43rc3 (2018-Apr-20 08:46):
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.43rc29
2018-06-15
What's new in 6.43rc29 (2018-Jun-13 12:17):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc29
2018-06-15
What's new in 6.43rc29 (2018-Jun-13 12:17):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc29
2018-06-15
What's new in 6.43rc29 (2018-Jun-13 12:17):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - reduced resource usage of DHCP services;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) led - added "dark-mode" functionality for SXTsq 5 ac devices;
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) sfp - fixed DDM data with SFP+ modules on CRS328-4C-20S-4S+ (introduced in v6.43rc10);
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) w60g - improved maximum link distance;
*) w60g - improved RAM memoy allocation processes;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - improved unique username generation process when adding batch of users;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved link stability;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc27
2018-06-12
What's new in 6.43rc27 (2018-Jun-12 10:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc27
2018-06-12
What's new in 6.43rc27 (2018-Jun-12 10:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc27
2018-06-12
What's new in 6.43rc27 (2018-Jun-12 10:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ike1 - purge both SAs when timer expires;
*) ipsec - use monotonic timer for SA lifetime check;
*) led - added "dark-mode" functionality for hEX S devices;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added support for Quanta 1k6e modem;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) ntp - allow to specify link-local address for NTP server;
*) ppp - added support for additional ID for E3531 modem;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) usb - fixed power-reset for hAP ac^2 devices;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - added distance measurement (CLI only);
*) w60g - improved link stability;
*) w60g - improved maximum link distance;
*) wireless - improved Nv2 reliability on ARM devices;
Other changes since v6.42.3:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc23
2018-06-05
What's new in 6.43rc23 (2018-Jun-05 11:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc23
2018-06-05
What's new in 6.43rc23 (2018-Jun-05 11:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc23
2018-06-05
What's new in 6.43rc23 (2018-Jun-05 11:27):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) backup - generate proper file name when router identity is longer than 32 symbols;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv6-server - added initial dynamic simple queue support;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) lte - improved modem event processing;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) supout - added "partitions" section to supout file;
*) switch - added support for port isolation by switch chip;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - properly close session when uploading multiple files to the router at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Версия 6.43rc21
2018-05-30
What's new in 6.43rc21 (2018-May-29 12:51):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc21
2018-05-30
What's new in 6.43rc21 (2018-May-29 12:51):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc21
2018-05-30
What's new in 6.43rc21 (2018-May-29 12:51):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
----------------------
Changes in this release:
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - fixed DHCP server stuck in invalid state;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) kidcontrol - added dynamic accept firewall rules in order to allow limit bandwidth when FastTrack is enabled;
*) lte - do not allow to remove default APN profile;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added distance measurement (CLI only);
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
Other changes since v6.42.3:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed adding MSTI entries;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc19
2018-05-25
What's new in 6.43rc19 (2018-May-25 08:48):
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc19
2018-05-25
What's new in 6.43rc19 (2018-May-25 08:48):
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc19
2018-05-25
What's new in 6.43rc19 (2018-May-25 08:48):
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
*) bridge - fixed FastPath for bridge master interfaces (introduce in v6.42);
*) chr - fixed adding MSTI entries;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) kidcontrol - fixed dynamically created firewall rules order;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US (CLI only);
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added distance measurement (CLI only);
Other changes since v6.42.3:
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added roaming status reading for info command (CLI only);
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) smb - fixed valid request handling when additional options are used;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc17
2018-05-23
What's new in 6.43rc17 (2018-May-23 11:52):
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc17
2018-05-23
What's new in 6.43rc17 (2018-May-23 11:52):
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc17
2018-05-23
What's new in 6.43rc17 (2018-May-23 11:52):
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) backup - do not encrypt backup file unless password is provided;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added initial Q-in-Q support (CLI only);
*) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) lte - added ICCID reading for info command R11e-LTE (CLI only);
*) lte - added roaming status reading for info command (CLI only);
*) lte - improved r11e-LTE configuration exchange process;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc" (CLI only);
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - require at least v6.43 MAC Telnet client when connecting to v6.43 or later version server;
*) radius - use MS-CHAPv2 for "login" service authentication;
*) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
*) smb - fixed valid request handling when additional options are used;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - general stability and performance improvements;
*) w60g - improved maximal achievable distance;
*) w60g - removed distance lock for wAP 60G devices;
*) webfig - improved authentication process;
*) winbox - improved authentication process excluding man-in-the-middle possibility (Winbox v3.14 required);
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) wireless - improved client "channel-width" detection;
Other changes since v6.42.2:
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Версия 6.43rc14
2018-05-18
What's new in 6.43rc14 (2018-May-18 07:09):
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
Версия 6.43rc14
2018-05-18
What's new in 6.43rc14 (2018-May-18 07:09):
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
Версия 6.43rc14
2018-05-18
What's new in 6.43rc14 (2018-May-18 07:09):
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - added initial Q-in-Q support (CLI only);
*) bridge - allow to make changes for bridge port when it is interface list;
*) crs3xx - added initial Q-in-Q hardware offloading support (CLI only);
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) defconf - fixed missing bridge ports after configuration reset;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) lte - added support for Novatel USB730LN modem with new ID;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
Other changes since v6.42.2:
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - fixed DHCP server functionality (introduced in v6.43rc);
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - added option for RADUS "called-station-id" format selection (CLI only);
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - improved Nv2 PtMP performance;
Версия 6.43rc12
2018-05-15
What's new in 6.43rc12 (2018-May-11 09:08):
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc12
2018-05-15
What's new in 6.43rc12 (2018-May-11 09:08):
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc12
2018-05-15
What's new in 6.43rc12 (2018-May-11 09:08):
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - fixed bridge hw-offloading on MMIPS devices (introduced in v6.43rc10);
*) crs3xx - fixed packet forwarding on SFP+ interfaces (introduced in v6.43rc11);
*) dhcpv4-server - fixed situation when router did reboot due to critical program crash (introduced in v6.43rc);
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) wireless - added option for RADIUS "called-station-id" format selection (CLI only);
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved LTE communication process on MMIPS platform devices;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - properly represent board name for hAP ac^2;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc11
2018-05-10
What's new in 6.43rc11 (2018-May-10 10:13):
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc11
2018-05-10
What's new in 6.43rc11 (2018-May-10 10:13):
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.43rc11
2018-05-10
What's new in 6.43rc11 (2018-May-10 10:13):
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) bridge - do not allow to add same interface list to bridge more than once;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.43rc1);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-server - added initial dynamic simple queue support;
*) filesystem - fixed situation when filesystem goes into read-only mode on device with NAND type memory;
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behavior;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface list which include disabled member;
*) interface - fixed situation when router did reboot due to critical program crash (introduced in v6.42);
*) interface - improved reliability on dynamic interface handling;
*) lte - added extended signal information for Quectel LTE EP06 modem;
*) lte - improved LTE communication process on MMIPS platform devices;
*) routerboard - properly represent board name for hAP ac^2;
*) switch - added support for port isolation by switch chip (CLI only);
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
Other changes since v6.42.1:
*) bridge - added ingress filtering options to bridge interface (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) capsman - allow to change "radio-name" (CLI only);
*) certificate - add "expires-after" parameter (CLI only);
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations;
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved boot time for Hyper-V installations;
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) dhvpv4-client - fixed DHCP client stuck in renewing state;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations (CLI only);
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule (CLI only);
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu (CLI only);
*) kidcontrol - allow to edit discovered devices;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed SIM7600 registration info;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved reading of SMS message after entering running state;
*) quickset - fixed dual radio mode detection process;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) ssh - disconnect all active connections when router gets rebooted or turned off;
*) tr069-client: - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
Версия 6.42rc9
2018-01-15
What's new in 6.42rc9 (2018-Jan-15 09:07):
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc9
2018-01-15
What's new in 6.42rc9 (2018-Jan-15 09:07):
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc9
2018-01-15
What's new in 6.42rc9 (2018-Jan-15 09:07):
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike2 - delay rekeyed peer outbound SA installation;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature (CLI only);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed frequency-monitor/sniffer/snooper; (introduced in v6.42rc);
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv6-client - added possibility to specify options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc6
2018-01-04
What's new in 6.42rc6 (2018-Jan-04 13:52):
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc6
2018-01-04
What's new in 6.42rc6 (2018-Jan-04 13:52):
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc6
2018-01-04
What's new in 6.42rc6 (2018-Jan-04 13:52):
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) snmp - added w60g support;
*) wireless - fixed device becoming unresponsive (introduced in v6.42rc5);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc56
2018-04-09
What's new in 6.42rc56 (2018-Apr-09 08:18):
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc56
2018-04-09
What's new in 6.42rc56 (2018-Apr-09 08:18):
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc56
2018-04-09
What's new in 6.42rc56 (2018-Apr-09 08:18):
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) ike2 - fixed framed IP address received from RADIUS server;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipv6 - fixed IPv6 behavior when slave leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) winbox - fixed Neighbor Discovery and MAC Winbox (introduced in v6.42rc);
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc52
2018-03-27
What's new in 6.42rc52 (2018-Mar-26 12:41):
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc52
2018-03-27
What's new in 6.42rc52 (2018-Mar-26 12:41):
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc52
2018-03-27
What's new in 6.42rc52 (2018-Mar-26 12:41):
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions (introduced in 6.42rc);
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added support for "multi-queue" feature for "virtio-net" driver;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - fixed interface matching by name on VMware installations;
*) chr - run startup scripts also on the first boot on AWS and Google Cloud installations;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - fixed LTE band setting for SXT LTE;
*) routerboard - properly detect hAP ac^2 RAM size;
*) ssh - fixed SSH service becoming unavailable;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased supported distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc5
2018-01-03
What's new in 6.42rc5 (2018-Jan-03 10:51):
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc5
2018-01-03
What's new in 6.42rc5 (2018-Jan-03 10:51):
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc5
2018-01-03
What's new in 6.42rc5 (2018-Jan-03 10:51):
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - fixed “aes-ctr” and “aes-gcm” encryption algorithms (introduced v6.41);
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) log - properly report bridge interface MAC address changes;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - fixed HTTPS authentication process;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc49
2018-03-21
What's new in 6.42rc49 (2018-Mar-21 12:34):
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc49
2018-03-21
What's new in 6.42rc49 (2018-Mar-21 12:34):
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc49
2018-03-21
What's new in 6.42rc49 (2018-Mar-21 12:34):
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) w60g/Wireless-Wire - increased supported distance for wAP 60G to 200+ meters;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc48
2018-03-21
What's new in 6.42rc48 (2018-Mar-21 11:13):
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc48
2018-03-21
What's new in 6.42rc48 (2018-Mar-21 11:13):
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc48
2018-03-21
What's new in 6.42rc48 (2018-Mar-21 11:13):
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) ups - improved communication between router and UPS;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - by default use "/24" subnet for local network;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc46
2018-03-20
What's new in 6.42rc46 (2018-Mar-20 05:53):
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc46
2018-03-20
What's new in 6.42rc46 (2018-Mar-20 05:53):
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc46
2018-03-20
What's new in 6.42rc46 (2018-Mar-20 05:53):
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) quickset - by default use "/24" subnet for local network;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) routerboot - fixed RouterBOOT upgrade process (introduced in v6.42rc);
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - use proper graph name for HDD graphs;
*) wireless - improved Nv2 PtMP performance;
Other changes since 6.41.3:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc43
2018-03-15
What's new in 6.42rc43 (2018-Mar-14 10:45):
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc43
2018-03-15
What's new in 6.42rc43 (2018-Mar-14 10:45):
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc43
2018-03-15
What's new in 6.42rc43 (2018-Mar-14 10:45):
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) crs326 - fixed known multicast flooding to the CPU;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc41
2018-03-12
What's new in 6.42rc41 (2018-Mar-09 08:01):
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc41
2018-03-12
What's new in 6.42rc41 (2018-Mar-09 08:01):
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc41
2018-03-12
What's new in 6.42rc41 (2018-Mar-09 08:01):
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS platform devices;
*) snmp - added "board-name" OID;
Other changes since 6.41.3:
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added support for static hosts;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc39
2018-03-07
What's new in 6.42rc39 (2018-Mar-07 07:01):
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc39
2018-03-07
What's new in 6.42rc39 (2018-Mar-07 07:01):
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc39
2018-03-07
What's new in 6.42rc39 (2018-Mar-07 07:01):
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) email - set maximum number of sessions to 100;
*) fetch - increased maximum number of sessions to 100;
*) ike1 - fixed wildcard policy lookup on responder;
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) winbox - made UDP local and remote TX size parameter optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added broadcast and flood settings to bridge ports;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - fixed maximal ID for Traffic Generator stream;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - removed Enable and Disable buttons from IPsec "mode-config" list;
*) winbox - show "D" flag under "/ip dhcp-client" menu;
*) winbox - show CQI in LTE info;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - improved wireless scan functionality;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) romon - make secret field sensitive in console;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc37
2018-03-01
What's new in 6.42rc37 (2018-Mar-01 09:29):
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc37
2018-03-01
What's new in 6.42rc37 (2018-Mar-01 09:29):
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc37
2018-03-01
What's new in 6.42rc37 (2018-Mar-01 09:29):
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) console - do not allow variables that start with digit to be referenced without $ sign;
*) romon - make secret field sensitive in console;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - added host aging timer for crs3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts (CLI only);
*) bridge - added per-port learning options (CLI only);
*) bridge - added static host support (CLI only);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot through CRS326 devices;
*) crs3xx - added initial “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) crs3xx - added switch port "storm-rate" limiting options;
*) defconf - fixed DISC Lite5 LED default configuration;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) gps - improved NMEA sentence handling;
*) health - log warning when switching between redundant power supplies;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - hide PoE related properties on interfaces which does not provide power output;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) tr069-client - fixed TR069 service becoming unavailable when related service package is not available;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) usb - improved packet processing over USB modems;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Версия 6.42rc30
2018-02-21
What's new in 6.42rc30 (2018-Feb-20 10:44):
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc30
2018-02-21
What's new in 6.42rc30 (2018-Feb-20 10:44):
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc30
2018-02-21
What's new in 6.42rc30 (2018-Feb-20 10:44):
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - improved console stability after it has not been used for a long time;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) filesystem - improved error correcting process on RB1100AHx4 storage;
*) gps - added GPS port support for Quectel EC25-E modem when used in LTE mode;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - fixed rare situation when r11-LTE interface is missing after reboot;
*) lte - improved IP configuration request process for r11e-LTE-US card;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) usb - improved packet processing over USB modems;
*) wireless - improved wireless stability on hAP ac2 devices while USB is being used;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List and Datapath entries (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced in v6.41);
*) gps - improved NMEA sentence handling;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) r11e-lte - improved LTE connection initialization process;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc28
2018-02-16
What's new in 6.42rc28 (2018-Feb-16 07:02):
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc28
2018-02-16
What's new in 6.42rc28 (2018-Feb-16 07:02):
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc28
2018-02-16
What's new in 6.42rc28 (2018-Feb-16 07:02):
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) chr - added "virtio-scsi" driver on KVM installations;
*) chr - added support for Hyper-V ballooning;
*) chr - added support for Hyper-V guest quiescing;
*) chr - added support for Hyper-V host-guest file transfer;
*) chr - added support for Hyper-V integration services;
*) chr - added support for Hyper-V static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) gps - improved NMEA sentence handling;
*) r11e-lte - improved LTE connection initialization process;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) smb - improved NetBIOS name handling and stability;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed occasional reporting of bogus voltage;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc27
2018-02-15
What's new in 6.42rc27 (2018-Feb-14 11:53):
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc27
2018-02-15
What's new in 6.42rc27 (2018-Feb-14 11:53):
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc27
2018-02-15
What's new in 6.42rc27 (2018-Feb-14 11:53):
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - fixed false MAC address learning on hAP ac2, cAP ac;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - hide options for disabled bridge features in CLI;
*) capsman - added "allow-signal-out-off-range" option for Access List entries (CLI only);
*) capsman - added support for "interface-list" in Access List entries (CLI only);
*) capsman - added support for "interface-list" in datapath (CLI only);
*) capsman - log "signal-strength" when successfully connected to AP;
*) chr - fixed fresh installations (including ISO images) (introduced in v6.42rc24);
*) kidcontrol - initial work on "/ip kid-control" feature;
*) lte - added initial support for SIM7600 LTE modem interface;
*) smb - improved NetBIOS name handling and stability;
*) snmp - added "/interface w60g print oid";
*) tile - fixed occasional reporting of bogus voltage;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac" (CLI only);
*) wireless - added support for "interface-list" in Access List entries (CLI only);
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
Other changes since 6.41.2:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) export - fixed "/system routerboard mode-button" compact export;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc24
2018-02-08
What's new in 6.42rc24 (2018-Feb-08 09:42):
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc24
2018-02-08
What's new in 6.42rc24 (2018-Feb-08 09:42):
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc24
2018-02-08
What's new in 6.42rc24 (2018-Feb-08 09:42):
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) export - fixed "/system routerboard mode-button" compact export;
*) firewall - fixed "tls-host" firewall feature (introduced v6.41);
Other changes since 6.41.1:
!) tile - improved overall system performance and stability ("/system routerboard upgrade" required);
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) userman - added support for ARM and MMIPS platform;
*) w60g - fixed "/interface w60g reset-configuration";
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - changed default bridge port PVID value to 1;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - added initial support for "nstreme-plus";
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc23
2018-02-08
What's new in 6.42rc23 (2018-Feb-07 09:41):
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc23
2018-02-08
What's new in 6.42rc23 (2018-Feb-07 09:41):
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc23
2018-02-08
What's new in 6.42rc23 (2018-Feb-07 09:41):
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38 (CLI only);
*) crs3xx - added initial hw-offload support for 802.3ad and balance-xor bonding
*) disk - fixed disk related processes becoming unresponsive after unplugging used disk;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - do not lose "/ppp profile" script configuration after other profile parameters are edited;
*) routerboard - properly report warnings under "/system routerboard" menu;
*) sniffer - fixed situation when "/tool sniffer packet" returned packets in incorrect order;
*) snmp - added w60g support;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) w60g - fixed "/interface w60g reset-configuration";
*) winbox - changed default bridge port PVID value to 1;
*) wireless - added initial support for "nstreme-plus";
*) wireless - improved compatibility with specific wireless AC standard clients;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc20
2018-02-02
What's new in 6.42rc20 (2018-Feb-02 10:50):
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc20
2018-02-02
What's new in 6.42rc20 (2018-Feb-02 10:50):
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc20
2018-02-02
What's new in 6.42rc20 (2018-Feb-02 10:50):
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
Other changes since 6.41.1:
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs3xx - added switch port "storm-rate" limiting options;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed wireless protocol mode restrictions if lockapck is installed and has limits for it;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc2
2017-12-27
What's new in 6.42rc2 (2017-Dec-27 07:37):
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc2
2017-12-27
What's new in 6.42rc2 (2017-Dec-27 07:37):
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc2
2017-12-27
What's new in 6.42rc2 (2017-Dec-27 07:37):
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher;
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) tile - fixed USB device speed detection after reboot;
*) traffic-flow - do not count single extra packet per each flow;
Версия 6.42rc18
2018-02-02
What's new in 6.42rc18 (2018-Feb-02 07:27):
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc18
2018-02-02
What's new in 6.42rc18 (2018-Feb-02 07:27):
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc18
2018-02-02
What's new in 6.42rc18 (2018-Feb-02 07:27):
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) crs3xx - added switch port "storm-rate" limiting options;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) lte - fixed AT communication with modem (introduced in v6.42rc12);
*) switch - hide "ingress-rate" and "egress-rate" for non-crs3xx switches;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) webfig - fixed backup loading from Webfig on RouterBOARD running default configuration;
*) winbox - allow to comment new object without committing it;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed wireless protocol mode restrictions if lock package is installed and has limits for it;
Other changes since 6.41.1:
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new system ID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) userman - added support for ARM and MMIPS platform;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Версия 6.42rc15
2018-01-26
What's new in 6.42rc15 (2018-Jan-26 08:21):
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc15
2018-01-26
What's new in 6.42rc15 (2018-Jan-26 08:21):
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc15
2018-01-26
What's new in 6.42rc15 (2018-Jan-26 08:21):
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-server - added DHCPv4 style user options;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) ippool - added ability to specify comment;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) sfp - improved SFP module compatibility;
*) userman - added support for ARM and MMIPS platform;
*) webfig - do not show "hw" option on non-ethernet interfaces;
*) winbox - added "crl-store" setting to certficate settings;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - added PKCS#10 version check;
*) certificate - do not use utf8 for SCEP challange password;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc14
2018-01-24
What's new in 6.42rc14 (2018-Jan-24 12:35):
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc14
2018-01-24
What's new in 6.42rc14 (2018-Jan-24 12:35):
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc14
2018-01-24
What's new in 6.42rc14 (2018-Jan-24 12:35):
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed ARP option changing on bridge (introduced v6.41);
*) bridge - fixed VLAN filtering when "use-ip-firewall" is enabled (introduced in v6.41);
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed PKCS#10 version;
*) netinstall - improved LTE package description;
*) ovpn - fixed resource leak on systems with high CPU usage;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) rb433/rb450 - fixed port flapping on bridged Ethernet interfaces if hw-offload is enabled (introduced in v6.41);
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) userman - added support for ARM and MMIPS platforms;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
Other changes since 6.41:
*) bridge - fixed "mst-override" export;
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added "/caps-man interface print oid";
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc12
2018-01-23
What's new in 6.42rc12 (2018-Jan-22 13:34):
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc12
2018-01-23
What's new in 6.42rc12 (2018-Jan-22 13:34):
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc12
2018-01-23
What's new in 6.42rc12 (2018-Jan-22 13:34):
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed "mst-override" export;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) dhcpv6-server - added DHCPv4 style user options (CLI only);
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment (CLI only);
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - fixed change-mss functionality in some specific traffic (introduced in v6.41);
*) quickset - properly detect LTE interface on startup;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required) (CLI only);
*) snmp - added "/caps-man interface print oid";
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
Other changes since 6.41:
*) bridge - fixed allowed MSTI priority values;
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) certificate - do not use utf8 for SCEP challange password;
*) chr - automatically generate new systemID on first startup;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) ppp - changed default value of "route-distance" to 1;
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for w60g interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behavior;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc11
2018-01-18
What's new in 6.42rc11 (2018-Jan-18 12:42):
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc11
2018-01-18
What's new in 6.42rc11 (2018-Jan-18 12:42):
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.42rc11
2018-01-18
What's new in 6.42rc11 (2018-Jan-18 12:42):
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
*) bridge - fixed IGMP Snooping after disabling/enabling bridge;
*) bridge - fixed allowed MSTI priority values;
*) certificate - do not use utf8 for SCEP challenge password;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - automatically generate new systemID on first startup;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make virtio disks visible under "/disk" on KVM installations;
*) crs326 - fixed possible packet leaking from CPU to switch ports;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6-client - implement confirm after reboot;
*) filesystem - fixed situations when "/flash" directory lost files after upgrade;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) kidcontrol - added initial support for "/ip kid-control" feature;
*) ppp - changed default value of "route-distance" to 1;
*) ppp - fixed change-mss funcionality in some specific traffic (introduced in v6.41);
*) webfig - fixed MAC address ordering;
*) webfig - fixed wireless snooper address, SSID and other column ordering;
*) winbox - added "dhcp-option-set" to DHCP server;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - show Bridge Port PVID column by default;
*) wireless - fixed nv2 (introduced in v6.42rc);
Other changes since 6.41:
*) bridge - fixed bridge related settings conversation during upgrade from pre-v6.41 bridge implementation (introduced v6.41);
*) bridge - fixed hw-offload disabling for Mediatek and Realtek switches when STP/RSTP configured;
*) bridge - fixed hw-offload disabling when adding a port with "horizon" set;
*) bridge - fixed interface list moving in "/interface bridge port" menu;
*) bridge - fixed repetitive port "priority" set;
*) bridge - fixed situation when packet could be sent with local MAC as dst-mac;
*) bridge - properly update "actual-mtu" after MTU value changes (introduced v6.41);
*) btest - fixed TCP test accuracy when low TX/RX rates are used;
*) capsman - improved CAPsMAN responsiveness on systems with large amount of CAP interfaces;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs317 - improved transmit performance between 10G and 1G ports;
*) crs3xx - hide deprecated VLAN related settings in "/interface ethernet switch port" menu;
*) detnet - additional work on "detect-internet" implementation;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced v6.41);
*) dhcpv4-server - fixed framed and classless route received from RADIUS server;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options (CLI only);
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-server - added DHCPv4 style user options;
*) discovery - fixed discovery related settings conversation during upgrade from pre-v6.41 discovery implementation (introduced v6.41);
*) dude - fixed e-mail notifications when default port is not used;
*) firewall - fixed "tls-host" firewall matcher (introduced v6.41);
*) firewall - limited maximum "address-list-timeout" value to 35w3d13h13m56s;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed "aes-ctr" and "aes-gcm" encryption algorithms (introduced v6.41);
*) ike2 - delay rekeyed peer outbound SA installation;
*) ike2 - improve half-open connection handling;
*) interface - improved interface configuration responsiveness;
*) ipsec - properly update IPsec secret for IPIP/EoIP/GRE dynamic peer;
*) log - properly report bridge interface MAC address changes;
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) poe-out - do not show "poe-out-current" on devices which can not determine it;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - show "G" flag for guest users;
*) radius - added warning if PPP authentication over RADIUS is enabled;
*) radius - increase allowed RADIUS server timeout to 60s;
*) rb1100ahx4 - fixed reset button responsiveness when regular firmware is used;
*) routerboot - fixed missing upgrade firmware for "ar7240" devices;
*) snmp - added w60g support;
*) snmp - allow also IPv6 on default public community;
*) snmp - fixed SNMP for W60G interfaces;
*) ssh - improved key import error messages;
*) tile - added "aes-ctr" hardware acceleration support;
*) tile - fixed USB device speed detection after reboot;
*) tile - improved stability in high throughput HW accelerated IPsec setups ("/system routerboard upgrade" required);
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - do not count single extra packet per each flow;
*) webfig - added support for proper default policies when adding script or scheduler job;
*) webfig - fixed bridge port sorting order by name;
*) winbox - added possibility to delete SMS from Inbox;
*) winbox - allow to open bridge host entry;
*) winbox - allow to specify "to-ports" for "action=masquerade";
*) winbox - do not show "hw" option on non-ethernet interfaces;
*) winbox - do not show VLAN related settings in switch port menu on CRS3xx boards;
*) winbox - fixed "/tool e-mail send" attachment behaviour;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - improved wireless scan functionality for devices with multiple wireless interfaces;
*) wireless - updated "Czech Republic" country 5.8 GHz frequency range;
Версия 6.41rc66
2017-12-15
What's new in 6.41rc66 (2017-Dec-14 13:53):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc66
2017-12-15
What's new in 6.41rc66 (2017-Dec-14 13:53):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc66
2017-12-15
What's new in 6.41rc66 (2017-Dec-14 13:53):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) capsman - added possibility to downgrade CAP with upgrade command from CAPsMAN;
*) crs326 - improved transmit performance from SFP+ to Ethernet ports;
*) dhcp-server - added basic RADIUS accounting;
*) ike1 - disallow peer creation using base mode;
*) ike2 - added support for multiple split networks;
*) ike2 - do not allow to configure nat-traversal;
*) ipsec - improved hardware accelerated IPSec performance on 750Gr3;
*) ppp - fixed "change-mss" functionality when MSS option is missing on forwarded packets;
*) ppp - fixed L2TP and PPTP encryption negotiation process on configuration changes;
*) pppoe-client - properly re-establish MLPPP session when one of the lines stopped transmitting packets;
*) quickset - fixed LTE quickset mode APN field;
*) route - improved reliability on routing table update;
*) snmp - fixed bulk requests when non-repeaters are used;
*) wireless - added support for CHARGEABLE_USER_ID in EAP Accounting;
*) wireless - updated "UK 5.8 Fixed" and "Australia" regulatory domain information;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
!) w60g - added Point to Multipoint support;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs;
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - improved CRL update after system startup;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) certificate - show invalid flag when local CRL file does not exist;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs317 - fixed reliability on FAN controller;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed Passthrough support;
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) lte - update info command with "location area code" and "physical cell id" values;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added initial support for PLE902;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) sms - log decoded USSD responses;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - fixed consecutive OID bulk get from the same table;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) system - show USB topology for the device info;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed router getting reset to default configuration;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - increased the EAP message retransmit count;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc61
2017-12-06
What's new in 6.41rc61 (2017-Dec-06 08:15):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc61
2017-12-06
What's new in 6.41rc61 (2017-Dec-06 08:15):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc61
2017-12-06
What's new in 6.41rc61 (2017-Dec-06 08:15):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) bridge - disable "hw-offload" when "horizon" or "external-fdb" is set;
*) bridge - fixed hw-offloaded IGMP Snooping service getting stopped;
*) capsman - use "adaptive-noise-immunity" value from CAP local configuration;
*) certificate - added option to store CRL in RAM (CLI only);
*) certificate - improved CRL update after system startup;
*) certificate - show invalid flag when local CRL file does not exist;
*) crs317 - fixed reliability on FAN controller;
*) dhcpv4-server - added "NETWORK_GATEWAY" option variable;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher;
*) lte - fixed Passthrough support;
*) lte - update info command with "location area code" (LAC);
*) lte - provide lte info "physical cell id" values (R11e-LTE only);
*) ppp - added initial support for PLE902;
*) sms - log decoded USSD responses;
*) snmp - fixed consecutive OID bulk get from the same table when non-repeaters are > 0;
*) system - show USB topology for the device info;
*) webfig - fixed router getting reset to default configuration;
*) winbox - added switch menu on RB1100AHx4;
*) winbox - do not show MetaROUTER stuff on RB1100AHx4;
*) wireless - check APs against connect-list rules starting with strongest signal;
*) wireless - do not show background scan frequencies in the monitor command channel field;
*) wireless - fixed channel selection when special channels used (introduced in v6.41rc);
*) wireless - increased the EAP message retransmit count;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) w60g - added Point to Multipoint support;
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed PH1 lifetime reset on boot;
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed authentication for non LTE modes;
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) userman - allow to generate more than 999 users;
*) w60g - added "put-slaves-in-bridge" and "isolate-slaves" options to manage connected clients;
*) w60g - connected stations are treated as separate interfaces;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) w60g - renamed modes - "master" to "ap-bridge", "slave" to "station-bridge";
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "W60G station" tab in Wireless menu;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan option for wireless scan mode;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc56
2017-11-24
What's new in 6.41rc56 (2017-Nov-24 10:03):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc56
2017-11-24
What's new in 6.41rc56 (2017-Nov-24 10:03):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc56
2017-11-24
What's new in 6.41rc56 (2017-Nov-24 10:03):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) dhcp-client - limit and enforce DHCP client "default-route-distance" minimal value to 1;
*) dhcpv4-server - strip trailing "\0" in "hostname" if present;
*) filesystem - implemented additional system integrity checks on reboots;
*) firewall - added "tls-host" firewall matcher (CLI only);
*) hotspot - fixed "dst-port" to require valid "protocol" in "walled-garden ip";
*) ike2 - fixed PH1 lifetime reset on boot;
*) lte - fixed authentication for non LTE modes;
*) tr069-client - fixed "/interface lte apn" configuration parameters;
*) userman - allow to generate more than 999 users;
*) wireless - added passive scan option for wireless scan mode;
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
!) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added Yota non-configurable modem support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.41rc52
2017-11-22
What's new in 6.41rc52 (2017-Nov-07 08:48):
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan functionality (CLI only);
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - added Yota non-configurable modem support;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Important note!!! Backup before upgrade!
RouterOS (v6.40rc36-rc40 and) v6.41rc1+ contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus for now.
Please, note that downgrading to previous RouterOS versions will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
!) bridge - general implementation of hw-offload bridge (introduced in v6.40rc36);
*) discovery - use "/interface list" instead of interface name under neighbor discovery settings;
*) hotspot - fixed Walled Garden IP functionality when address-list is used;
*) ovpn-server - do not periodically change automatically generated server MAC address;
*) poe - added new "poe-out" status "controller-error";
*) poe - fixed false positive excessive logs in auto-on mode when connected to 100 Mbps device powered from another power source;
*) poe - log PoE status related messages under debug topic;
*) ppp - do not disconnect PPP connection after "idle-timeout" even if traffic is being processed;
*) quickset - added support for "/interface list" in firewall, neighbor discovery, MAC-Telnet and MAC-Winbox;
*) quickset - fixed situation when Quickset automatically changes mode to CPE;
*) w60g - general work on PtMP implementation for 60 GHz connections;
*) wireless - added "indonesia3" regulatory domain information;
*) wireless - added passive scan functionality (CLI only);
Other changes since 6.40.5:
!) bridge - implemented software based vlan-aware bridges;
https://wiki.mikrotik.com/wiki/Manual:Interface/Bridge#Bridge_VLAN_Filtering
!) switch - "master-port" conversion into a bridge with hardware offload "hw" option;
https://wiki.mikrotik.com/wiki/Manual:Switch_Chip_Features#Bridge_Hardware_Offloading
!) detnet - implemented "/interface detect-internet" feature;
https://wiki.mikrotik.com/wiki/Manual:Detect_internet
!) routerboot - RouterBOOT version numbering system merged with RouterOS;
*) arm - minor improvements on CPU load distribution for RB1100 series devices;
*) arp - fixed invalid static ARP entries after reboot on interfaces without IP address;
*) bgp - added 32-bit private ASN support;
*) bridge - added comment support for VLANs (CLI only);
*) bridge - added initial support for hardware "igmp-snooping" on CRS1xx/2xx;
*) bridge - added support for "/interface list" as a bridge port;
*) bridge - assume "point-to-point=yes" for all Full Duplex Ethernet interfaces when STP is used (as per standard);
*) bridge - automatically turn off "fast-forward" feature if both bridge ports have "H" flag;
*) bridge - changed "Host" and "MDB" table column order;
*) bridge - fixed "fast-forward" counters;
*) bridge - fixed ARP setting (introduced in v6.40rc36);
*) bridge - fixed connectivity issues when there are multiple VLAN interfaces on bridge;
*) bridge - fixed multicast forwarding (introduced in v6.40rc36);
*) bridge - implemented dynamic entries for active MST port overrides;
*) bridge - implemented software based "igmp-snooping";
*) bridge - implemented software based MSTP;
*) bridge - removed "frame-types" and "ingress-filtering" for bridge interfaces (introduced in v6.40rc36);
*) bridge - set "igmp-snooping=no" by default on new bridges;
*) bridge - show "admin-mac" only if "auto-mac=no";
*) bridge - show bridge interface local addresses in the host table;
*) btest - improved reliability on Bandwidth Test when device`s RAM is almost full;
*) capsman - added "vlan-mode=no-tag" option;
*) capsman - return complete CA chain when issuing new certificate;
*) certificate - fixed SCEP "get" request URL encoding;
*) certificate - show "Expired" flag when initial CRL fetch fails;
*) chr - added KVM memory balloon support;
*) chr - added suspend support;
*) console - do not stop "/certificate sign" process if console times out in 1 minute;
*) console - removed "/setup";
*) crs317 - added initial support for HW offloaded MPLS forwarding;
*) crs326 - fixed packet processing speed on switch chip if individual port link speed differs;
*) crs3xx - added ingress/egress rate input limits;
*) crs3xx - switch VLAN configuration integrated within bridge VLAN configuration with hw-offload;
*) dhcp - fixed DHCP services failing after reboot when DHCP option was used;
*) dhcp - fixed unresponsive DHCP service caused by inability to read not set RAW options;
*) dhcp - require DHCP option name to be unique;
*) dhcp-client - limited DHCP client "default-route-distance" minimal value to 1;
*) dhcp-server - added "option-set" argument (CLI only);
*) dhcpv4-client - add dynamic DHCP client for mobile clients which require it;
*) dhcpv4-client - allow to use DUID for client as identity string as the option 61;
*) e-mail - do not show errors when sending e-mail from script;
*) eoip - made L2MTU parameter read-only;
*) ethernet - removed "master-port" parameter;
*) export - fixed interface list export;
*) fetch - accept all HTTP 2xx status codes;
*) health - fixed bogus voltage readings on CCR1009;
*) ike1 - fixed crash on xauth if user does not exist;
*) ike1 - release mismatched PH2 peer IDs;
*) ike2 - check identities on "initial-contact";
*) ike2 - fixed initiator DDoS cookie processing;
*) ike2 - fixed responder DDoS cookie first notify type check;
*) ike2 - use peer configuration address when available on empty TSi;
*) interface - added "/interface reset-counters" command (CLI only);
*) interface - added default "/interface list" "dynamic" which contains dynamic interfaces;
*) interface - added option to join and exclude "/interface list" from one and another;
*) interface - fixed corrupted "/interface list" configuration after upgrade;
*) ippool6 - try to assign desired prefix for client if prefix is not being already used;
*) ipsec - added DH groups 19, 20 and 21 support for phase1 and phase2;
*) ipsec - allow to specify "remote-peer" address as DNS name;
*) ipsec - fixed incorrect esp proposal key size usage;
*) ipsec - fixed policy enable/disable;
*) ipsec - improved reliability on certificate usage;
*) ipsec - renamed "firewall" argument to "notrack-chain" in peer configuration;
*) ipsec - skip invalid policies for phase2;
*) ipv6 - add dynamic "/ip dns" server address from RA when RA is permitted by configuration;
*) l2tp - improved reliability on packet processing in FastPath;
*) l2tp-server - fixed PPP services becoming unresponsive after changes on L2TP server with IPSec configuration;
*) lcd - fixed "flip-screen=yes" state after reboot;
*) log - added "bridge" topic;
*) log - fixed interface name in log messages;
*) log - optimized "poe-out" logging topic logs;
*) lte - added "/interface lte apn" menu (Passthrough requires reconfiguration);
*) lte - added Passthrough support (CLI only);
*) lte - added Passthrough support;
*) lte - added support for ZTE ME3630 E1C with additional "/port" for GPS usage;
*) lte - added Yota non-configurable modem support;
*) lte - automatically add "/ip dhcp-client" configuration on interface;
*) lte - changed default values to "add-default-route=yes", "use-peer-dns=yes" and "default-route-distance=2";
*) lte - fixed error when trying to add APN profile without name;
*) lte - fixed rare crash when initializing LTE modem after reset;
*) lte - fixed user authentication for R11e-LTE when new firmware is used;
*) lte - integrated IP address acquisition without DHCP client for wAP LTE kit-US;
*) lte - limited minimal default route distance to 1;
*) m11g - improved ethernet performance on high load;
*) mac-server - use "/interface list" instead of interface name under MAC server settings;
*) modem - added initial support for Alcatel IK40 and Olicard 500;
*) neighbor - show neighbors on actual bridge port instead of bridge itself
*) netinstall - fixed missing "/flash/etc" on first bootup;
*) netinstall - fixed missing default configuration prompt on first startup after reset/netinstall;
*) ospf - fixed OSPF v2 and v3 neighbor election;
*) ppp - added support for Sierra MC7750, Verizon USB730L;
*) ppp - fixed situation when part of PPP configuration was reset to default values after reboot;
*) pppoe-server - fixed situation when PPPoE servers become invalid on reboot;
*) quickset - renamed router IP static DNS name to "router.lan";
*) radius - limited RADIUS timeout maximum value to 3 seconds;
*) sfp - fixed SFP interface power monitor when bad SFP DDMI information is received;
*) sftp - added functionality which imports ".auto.rsc" file or reboots router on ".auto.npk" upload;
*) sms - fixed minor problem for SMS delivery;
*) snmp - fixed "ifHighSpeed" value of VLAN, VRRP and Bonding interfaces;
*) snmp - fixed bridge host requests on devices with multiple bridge interfaces;
*) snmp - show only available OIDs under "/system health print oid";
*) ssh - do not use DH group1 with strong-crypto enabled;
*) ssh - enforced 2048bit DH group on tile and x86 architectures;
*) tile - improved hardware encryption processes;
*) traceroute - improved "/tool traceroute" results processing;
*) upnp - add "src-address" parameter on NAT rule if it is specified on UPnP request;
*) upnp - deny UPnP request if port is already used by the router;
*) ups - fixed duplicate "failed" UPS logs;
*) webfig - added favicon file;
*) webfig - fixed terminal graphic user interface under Safari browser;
*) winbox - added "notrack-chain" setting to IPSec peers;
*) winbox - added support for "_" symbol in terminal window;
*) winbox - do not show duplicate "Switch" menus for CRS326;
*) winbox - do not show duplicate "Template" parameters for filter in IPSec policy list;
*) winbox - do not show duplicate filter parameters "Published" in ARP list;
*) winbox - do not show unnecessary tabs from "Switch" menu;
*) winbox - fixed "/certificate sign" process;
*) winbox - fixed bridge port sorting order by interface name;
*) winbox - show warnings under "/system routerboard settings" menu;
*) wireless - added "allow-signal-out-off-range" option for Access List entries;
*) wireless - improved reliability on "rx-rate" selection process;
*) wireless - log "signal-strength" when successfully connected to AP;
*) wireless - new driver with initial support for 160 and 80+80 MHz channel width;
*) wireless - pass interface MAC address in Sniffer TZSP frames;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 7.9.2
2023-05-31
What's new in 7.9.2 (2023-May-30 16:49):
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
Версия 7.9.2
2023-05-31
What's new in 7.9.2 (2023-May-30 16:49):
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
Версия 7.9.2
2023-05-31
What's new in 7.9.2 (2023-May-30 16:49):
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) sfp - improved SFP interface handling for RB4011 device;
Версия 7.9.1
2023-05-22
What's new in 7.9.1 (2023-May-19 15:11):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
Версия 7.9.1
2023-05-22
What's new in 7.9.1 (2023-May-19 15:11):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
Версия 7.9.1
2023-05-22
What's new in 7.9.1 (2023-May-19 15:11):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
Версия 7.9
2023-05-02
What's new in 7.9 (2023-May-02 08:35):
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9
2023-05-02
What's new in 7.9 (2023-May-02 08:35):
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.9
2023-05-02
What's new in 7.9 (2023-May-02 08:35):
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
*) bgp - improved BGP VPN selection;
*) bridge - added warning log when "ageing-time" exceeds supported hardware limit for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) bridge - fixed FastPath when setting "use-ip-firewall-for-vlan" or "use-ip-firewall-for-pppoe" without enabled "use-ip-firewall";
*) certificate - fixed bogus log messages;
*) chr - fixed public SSH key pulling when running on AWS;
*) console - added "/task" submenu (CLI only);
*) console - added option to create new files using "/file add" command (CLI only);
*) console - improved stability when doing "/console inspect" in certain menus;
*) console - improved stability when editing long strings;
*) console - improved system stability;
*) console - removed bogus "reset" command from "/system resource usb" menu;
*) console - rename flag "seen reply" to "seen-reply" under "/ipv6 firewall connection" menu;
*) console - replaced "fingerprint" with "skid" in "/certificate print";
*) console - show Ethernet advertise, speed and duplex settings depending on configured auto-negotiation;
*) container - fixed invoking "container shell" more than once;
*) container - improved "container pull" to support OCI manifest format;
*) defconf - added CAPs mode script for wifiwave2 devices;
*) detnet - fixed interface state detection after reboot;
*) dhcp - changed the default lease time for newly created DHCP servers to 30 minutes;
*) dhcpv4-server - release lease if "check-status" reveals no conflict;
*) disk - improved system stability when removing USB while formatting;
*) ethernet - fixed half-duplex forced mode at 10Mbps and 100Mbps on ether1 for RB5009, Chateau 5G ax and hAP ax3 devices;
*) filesystem - fixed partition "copy-to" function;
*) firewall - added "connection-nat-state" to IPv6 mangle and filter rules;
*) health - added limited manual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed bogus value reporting for CRS510 device;
*) ike2 - fixed minor logging typo;
*) ipsec - added error log message when peer ID does not match certificate;
*) ipsec - fixed packet processing by hardware encryption engine on RB850Gx2 device;
*) ipsec - refactor X.509 implementation;
*) ipv6 - added "valid" and "lifetime" parameters for SLAAC IPv6 addresses;
*) ipv6 - send out RA packet with "preferred-lifetime" set to "0" when IPv6 address is deactivated;
*) l3hw - improved route offloading for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) leds - disable LEDs after "/system shutdown";
*) lte - capped maximum lifetime of SLAAC address to 1 hour;
*) lte - fixed CA band clearing on RAT mode change;
*) lte - fixed duplicate IPv6 route for lte interface when "ipv6-interface" setting is used;
*) lte - fixed LTE interface not showing up when resetting RouterOS configuration;
*) lte - fixed passthrough mode when used together with another APN for Chateau 5G;
*) lte - fixed R11-LTE-US in LTE passthrough mode;
*) lte - fixed R11e-LTE-US reporting of RSSI in LTE mode;
*) lte - fixed re-attach in some cases where module would stay in not-running state after network detach;
*) lte - fixed second modem halt on dual R11e-LTE6 setup;
*) lte - improved system stability when changing LTE interface configuration during network scan with MBIM modems (introduced in v7.8);
*) mpls- fixed LDP "preferred-afi" parameter;
*) netinstall-cli - improved device reinstall on failed attempt;
*) netwatch - added "startup-delay" setting (CLI only);
*) netwatch - improved ICMP status evaluation when no reply was present;
*) netwatch - limit "start-delay" range;
*) ospf - fixed processing of fragmented LSAs;
*) ovpn - added support for OVPN server configuration export and client configuration import from .ovpn file;
*) ovpn - improved system stability for Tile devices;
*) quickset - fixed displaying of "SINR" when value is 0;
*) rose-storage - added option to nvme-discover with hostname (CLI only);
*) rose-storage - fixed crash on nvme-tcp disable;
*) rose-storage - fixed rsync transfer permissions;
*) rose-storage - various stability fixes;
*) route - fixed "dynamic-id" for VRF tables;
*) route - improved system stability when making routing decision;
*) route - show SLAAC routes under the "/routing route" menu;
*) route-filter - improved stability when matching blackhole routes;
*) routerboot - added "preboot-etherboot" and "preboot-etherboot-server" settings ("/system routerboard upgrade" required) (CLI only);
*) sfp - added log warning about failed auto-initialization on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules that hold "TX_FAULT" high signal all the time on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - allow modules with bad or no EEPROM in forced mode on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - fixed "rate-select" functionality on CCR2004-16G-2S+ and CCR2004-1G-12S+2XS devices (introduced in v7.8);
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - improved module initialization and display more detailed initialization status on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) sfp - improved SFP28 interface stability with some optical modules for CRS518 switch;
*) sfp - improved system stability with some SFP GPON modules on RB4011, RB5009, CCR2004-1G-12S+2XS, CCR2004-16G-2S+, CCR2116-12G-4S+, CCR2216-1G-12XS-2XQ devices;
*) snmp - fixed SNMPv3 "Reportable" flag behavior;
*) snmp - improved outputting of routes;
*) socks - added VRF support;
*) ssh - added Ed25519 host key support;
*) ssh - added support for Ed25519 key export and import in PKCS8 format;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - improved service responsiveness when changing SSH service settings;
*) ssh - improved SSH key import process;
*) storage - mount RAM drive for devices with 32MB flash;
*) supout - added DHCP server network section;
*) switch - fixed ACL rules matching IPv6 packets when using only IPv4 matchers;
*) switch - improved system stability during rapid MAC flapping for 98DXxxxx switches;
*) switch - improved system stability for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) timezone - updated timezone information from "tzdata2023c" release;
*) vrrp - added "self" value for "group-master" setting;
*) vxlan - added forwarding table;
*) vxlan - fixed packet drops when host moves between remote VTEPs;
*) webfig - added inline comments;
*) webfig - fixed "Destination" value under "MPLS/Forwarding-Table" menu;
*) webfig - fixed issue where "Certificate" value disappears under "IP/Services" menu;
*) webfig - fixed issue where entries might be missing under "IP/DHCP-Server" menu;
*) webfig - various stability fixes;
*) wifiwave2 - added "radio/reg-info" command to show regulatory requirements (currently implemented for 802.11ac interfaces) (CLI only);
*) wifiwave2 - added ability to configure antenna gain;
*) wifiwave2 - added ability to configure beacon interval and DTIM period;
*) wifiwave2 - added information on additional interface capabilities to radio parameters;
*) wifiwave2 - automatically add a VLAN-tagged interface to the appropriate bridge VLAN;
*) wifiwave2 - exit sniffer command and return error when trying to sniff on an unsupported channel;
*) wifiwave2 - fixed 802.11r roaming for clients that performed initial authentication with an AP which has been restarted since;
*) wifiwave2 - fixed issue of some supported channels not being listed in the radio parameters;
*) wifiwave2 - fixed issue which lead to VLAN-tagged wireless clients receiving tagged traffic from other VLANs;
*) wifiwave2 - fixed key handshake timeout for re-associating client devices on 802.11ac interfaces;
*) wifiwave2 - fixed VLAN tagging for unencrypted (open) APs;
*) wifiwave2 - improved general interface stability;
*) wifiwave2 - improved regulatory compliance for hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - improved WPS connection speed;
*) wifiwave2 - increased maximum value for "channel.frequency" to 7300;
*) wifiwave2 - show information on captured packets and added ability to save them locally in a pcap file;
*) winbox - added "MTU" and "Hoplimit" properties under "IPv6/Routes" menu;
*) winbox - added "Preferred AFI" property under "MPLS/LDP-Instance" menu;
*) winbox - added "S" flag under "IPv6/Firewall/Connections" menu;
*) winbox - added "Tx Power" property under "Wifiwave2/Status" menu;
*) winbox - added "Tx Queue Drops" property under interface settings "Traffic" tab;
*) winbox - added "Username" and "Password" properties under "Container/Config" menu;
*) winbox - added "Valid" and "Preferred" properties under "IPv6/Address" menu;
*) winbox - added missing properties for "Remote ID Type" under "IP/IPsec/Identities" menu;
*) winbox - changed route flag name from "invalid" to "inactive";
*) winbox - fixed "TLS" property under "Tools/Email" menu;
*) winbox - fixed "Type" property under "System/Disk" menu when "rose-storage" package is installed;
*) winbox - fixed changing slot name under "System/Disk" menu;
*) winbox - fixed default value for "Allow managed" property under "Zerotier" menu;
*) winbox - fixed duplicate "My ID" column under "IP/IPsec/Identities" menu;
*) winbox - fixed minor typo in "WifiWave2/Radios" menu;
*) winbox - fixed missing "Sector Writes" for certain devices under "System/Resources" menu (introduced in v7.8);
*) winbox - improved Ethernet advertise, speed and duplex settings;
*) winbox - only show permitted countries for wifiwave2 interfaces;
*) winbox - show missing "Designated Bridge" and "Designated Port Number" monitoring data under "Bridge/Port menu;
*) www - allow unsecure HTTP access to REST API;
*) x86 - fixed changing software-id (introduced in v7.7);
*) zerotier - upgraded to version 1.10.3;
Версия 7.8
2023-02-27
What's new in 7.8 (2023-Feb-24 11:03):
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
Версия 7.8
2023-02-27
What's new in 7.8 (2023-Feb-24 11:03):
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
Версия 7.8
2023-02-27
What's new in 7.8 (2023-Feb-24 11:03):
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
!) storage - added new "rose-storage" package support for extended disk management and monitoring functionality (ARM, ARM64, Tile and x86) (CLI only);
*) bgp - fixed setting of "default-prepend" parameter;
*) bridge - fixed adding disabled MSTI;
*) bridge - fixed DHCP packet flow when using DHCP snooping, HW offloading and "use-ip-firewall";
*) bridge - fixed possible DHCP packet corruption when using DHCP snooping;
*) bridge - fixed PVID warning typo;
*) bridge - improved HW offloading logic;
*) certificate - fixed export of a certificate when the last line of the certificate is exactly 64 bytes long;
*) certificate - fixed PBES2 certificate import;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - improved multiple certificate import process;
*) conntrack - improved system stability when changing connection tracking state;
*) conntrack - improved system stability when PPTP helper is used;
*) console - added "as-string" parameter to the ":execute" command;
*) container - added authentication option for registry (CLI only);
*) container - fixed ".type" file ownership;
*) container - fixed file ownership after system upgrade for containers running on internal disk;
*) container - fixed multiple container automatic startup on boot;
*) dhcpv4-client - send DHCPv4 unicast requests to DHCPv4 relay, instead of server when it is being used;
*) disk - limit maximum TMPFS size;
*) dns - added configurable DoH concurrent query limitation parameters;
*) dns - do not cache results from ":resolve" command with specific server;
*) dns - fixed CNAME reading from the cache;
*) dns - limited "DoH max concurrent queries reached" logging messages to once per minute;
*) dns - respond with "NOERROR" to DNS requests for static domain names when appropriate type record is not configured or found on upstream server;
*) firewall - fixed bridge priority target;
*) firewall - fixed DSCP priority target for IPv6 Mangle;
*) firewall - fixed netmap range maximum address calculation for IPv6 NAT;
*) graphing - fixed hiding of target queues when "allow-target" is disabled;
*) graphing - fixed sorting of interface and queue graphs;
*) graphing - properly handle disabled and static-binding interface graphs;
*) graphing - removed "move" command for graphing rules;
*) health - fixed "temperature" and "power-consumption" readings for RB1100AHx4;
*) hotspot - fixed setting of "address" parameter for IP binding;
*) hotspot - restore cookie timeout on reboot;
*) ike2 - added support for "address", "key-id" and "dn" for Remote ID matching (CLI only);
*) ike2 - fixed active SA flush on responder after an unsuccessful peer connection attempt;
*) ipsec - added support for "Framed-Route" RADIUS attribute support;
*) ipsec - do not match incoming IKE requests by unresolved DNS name peers;
*) ipsec - fixed peer matcher for incoming connection with unresolved DNS;
*) ipv6 - added "pref64" option configuration for RA;
*) ipv6 - improved handling of "advertise" IPv6 address status changes;
*) ipv6 - limited "hop-limit" parameter value range to 255;
*) ipv6 - made distributed DNS lifetime RFC8106 compliant;
*) l3hw - added destination MAC address check for offloaded FastTrack connections;
*) led - fixed signal reading for KNOT device;
*) leds - always require to set interface name when setting "modem-signal" indication;
*) lte - added AT support for Telit LE910C4 in MBIM mode;
*) lte - fixed APN setting usage on initial connection attempt for AT based Quectel and Neoway modems;
*) lte - fixed automatic antenna selection on Chateau LTE12/LTE18;
*) lte - fixed dialing for Fibocom L850-GL module;
*) lte - fixed displaying of "subscriber-number";
*) lte - fixed possible memory leak when using passthrough mode on Chateau 5G;
*) lte - improved AT port matching for SIMCom, Huawei, WeLink, Cinterion, BandLuxe and Sierra modems;
*) lte - improved modem detection speed in lower mini-PCIe slot on LtAP;
*) lte - improved stability for R11e-LTE6, skip connection reset on first EEMGINFO command timeout;
*) lte - LtAP improved modem detection in lower mini-PCie slot ("/system routerboard upgrade" required);
*) lte - parse USSD even if encoding is unsupported;
*) mpls - fixed handling of more than 9 VRF's;
*) mpls - fixed LDP listen socket creation before IPv6 address is ready for use;
*) mpls - improved stability when neighboring router reboots;
*) ospf - fixed "ospf-type" parameter for OSPFv3 routes;
*) ospf - fixed simple auth for OSPFv3;
*) ovpn - added AES-GCM and multicore encryption support;
*) ovpn - improved server stability;
*) ovpn - improved TLS-related error logging;
*) pimsm - improved system stability;
*) poe - added LLDP power management support for 802.3at PSE;
*) poe - properly turn off power when link not detected on hAP ax2 and hAP ax3;
*) port - fixed modem channel number on KNOT;
*) pppoe - fixed PPPoE client scan showing only one server;
*) resource - show filesystem related statistics on CCR2004;
*) route - fixed IPv6 default route presence when received from RA;
*) route - fixed printing of routing table's "count-only" parameter;
*) route - show hoplimit and MTU properties under the "/routing route" menu for SLAAC routes;
*) routerboot - fixed format storage for RBM33G device ("/system routerboard upgrade" required);
*) routerboot - fixed protected routerboot for RBM33G device ("/system routerboard upgrade" required);
*) sfp - fixed false link detection with S+RJ10 on RB5009;
*) sfp - fixed reading of SFP EEPROM on single SFP port devices;
*) sfp - improved optical modules SFP compatibility on CCR2004-16G-2S+, CCR2004-1G-12S+2XS, CCR2116-12G-4S+ devices;
*) sms - improved reporting of SMS sending errors;
*) sms - log USSD response when USSD is sent over MBIM;
*) sniffer - added additional filtering parameters;
*) snmp - do not show identity in LLDP when branding is used with hide SNMP data;
*) snmp - fixed handling of disabled routes;
*) snmp - fixed reporting of total number of routes counter;
*) ssh - hard-coded "localhost" address for forwarding requests;
*) ssh - improved system stability when processing none-crypto SSH connection;
*) sstp - fixed TLS session establishment when "connect-to" is DNS name;
*) switch - fixed SFP rate select for CRS354 devices;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved system stability for 98DXxxxx switch chips;
*) swos - removed "/system swos" menu for CRS5xx series switches;
*) torch - allow "without-paging" parameter for Torch;
*) traffic-generator - increased maximum allowed stream count;
*) upgrade - show error message when license prohibits upgrade;
*) usb - changed USB auto detect behavior to default to the external USB, when no internal USB devices detected;
*) vxlan - added "dont-fragment" setting that allows managing fragmentation;
*) vxlan - added "max-fdb-size" parameter;
*) vxlan - added FastPath support;
*) webfig - allow setting numeric values in time interval fields;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed editing of multi-field parameters with "not" checkbox;
*) webfig - fixed handling of empty skin files;
*) webfig - improved navigation responsiveness;
*) webfig - improved skin file parsing;
*) webfig - improved terminal operation;
*) webfig - properly escape all reserved URI characters;
*) webfig - updated WebFig and graph web pages to HTML5;
*) wifiwave2 - added wireless sniffer tool to capture wireless transmissions (CLI only);
*) wifiwave2 - adjust monitoring of station interfaces to report when an interface is authorized, not just connected;
*) wifiwave2 - enabled additional channels in UNII-3 and UNII-4 bands for Europe and USA on hAP ax^2, hAP ax^3 and Chateau ax;
*) wifiwave2 - fixed compatibility with third-party devices when using SAE hash-to-element authentication with DH groups 20 and 21;
*) wifiwave2 - fixed SAE authentication for interfaces in station mode when trying to connect to APs which require an anti-clogging token (introduced in RouterOS 7.4);
*) wifiwave2 - implement 802.11w management protection SA Query procedures;
*) wifiwave2 - improve protections from denial-of-service attacks on WPA3;
*) winbox - added "Connect" button under "WifiWave2/Scan" menu;
*) winbox - added "Disable/Enable" buttons under "WifiWave2" menu;
*) winbox - added "Match Subdomain" parameter under "IP/DNS/Static" menu;
*) winbox - added "Provision" button under "WifiWave2" menu;
*) winbox - added "Start On Boot" checkbox under "Container" menu;
*) winbox - added "Tx Rate" and "Rx Rate" columns under "WifiWave2/Registration" menu;
*) winbox - added missing properties when setting "Use DoH Server";
*) winbox - added missing WifiWave2 related parameters under "WifiWave2" menu;
*) winbox - added support for manual RAM file system (TMPFS) creation under "System/Disk" menu;
*) winbox - added Type "https-get" parameter under "Tools/Netwatch" menu;
*) winbox - allow selecting bridge for static entries under "Bridge/MDB" menu;
*) winbox - fixed displaying of "Default Prepend" value under "Routing/BGP/Sessions" menu;
*) winbox - fixed displaying of "Tx/Rx CCQ" values under "Wireless/Registration" menu;
*) winbox - fixed displaying of flags under "System/Console" menu;
*) winbox - fixed displaying of multiple character flags;
*) winbox - fixed usage of IPv6 family addresses under "IP/Web Proxy/Access" menu;
*) winbox - hide "TTL" value for static DNS entries with FWD type;
*) winbox - hide unnecessary properties for virtual interfaces under "WifiWave2" menu;
*) winbox - improved mouseover hint for "local" policy under "System/Users/Groups" menu;
*) winbox - rename "Multicast Router" monitoring property to "Is Multicast Router" under "Bridge" menu;
*) winbox - show "Gateway" column by default under "IPv6/Routes" menu;
*) x86 - added support for TP-Link TG-3468;
*) x86 - fixed SR-IOV support for Intel X710 series NIC;
*) x86 - improved Intel 500 series 10G SFP module support;
*) x86 - improved stability for Intel X550 series NIC with SR-IOV;
*) zerotier - fixed routes after VRF change;
Версия 7.7
2023-01-12
What's new in 7.7 (2023-Jan-12 09:35):
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7
2023-01-12
What's new in 7.7 (2023-Jan-12 09:35):
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.7
2023-01-12
What's new in 7.7 (2023-Jan-12 09:35):
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
*) bgp - added comment functionality for BGP VPN (CLI only);
*) bgp - do not reflect route back to sender;
*) bgp - fixed BGP advertisement PCAP saver;
*) bgp - fixed connection establishment using link-local addresses;
*) bgp - improved BGP advertisement printing;
*) bgp - improved BGP session load distribution across multiple CPU cores;
*) bgp - properly set "bgp-ext-communities" from "communities" list;
*) bluetooth - added unique advertise message filtering;
*) bonding - properly detect VPLS interface state changes;
*) branding - fixed identity setting from branding package;
*) bridge - added support for static MDB entries;
*) bridge - disallow port-controller while the bridge has MSTP enabled;
*) bridge - fixed "edge=yes" setting for MSTP;
*) bridge - fixed MSTP compatibility with STP;
*) bridge - fixed R/M/STP bridge identifier on protocol-mode change;
*) bridge - fixed RSTP BCP with bridged PPP interfaces;
*) bridge - fixed STP blocking state on port-controller;
*) bridge - fixed host moving with fast-path;
*) bridge - fixed incorrect root port blocking for MSTP;
*) bridge - fixed master port conversion;
*) bridge - fixed mst-override port priority for MSTP;
*) bridge - fixed port priority for STP and RSTP;
*) bridge - improved port-controller system stability;
*) bridge - improved system stability when using MSTP and many VLAN mappings;
*) bridge - removed "age" monitoring property from the host table;
*) certificate - improved Let's Encrypt logging and error recovery;
*) certificate - improved certificate management, signing and storing processes;
*) conntrack - improved system stability when PPTP helper is used;
*) conntrack - improved system stability when processing SCTP connections on TILE;
*) console - updated copyright notice;
*) container - fixed access to "/dev/stderr" from containers;
*) container - fixed handling of groups and usernames from Dockerfile;
*) container - fixed tar extracting;
*) container - made "ram" and "tmp" directories use tmpfs;
*) crs1xx/2xx - fixed "new-customer-pcp" setting for ACL rules;
*) dhcpv6-client - handle receiving of invalid T1 and T2 times;
*) discovery - added "discovered-by" parameter to indicate which protocol discovered the neighbor;
*) discovery - added "mode" parameter for discovery configuration;
*) discovery - fixed neighbor discovery on Mesh interfaces;
*) discovery - report IPv6 LL address if global address does not exist;
*) disk - added support for manual RAM file system (TMPFS) creation (CLI only);
*) disk - improved external storage file system mounting, formatting and naming;
*) dns - do not query upstream DNS servers for matched regex records;
*) dns - fixed changing of "forward-to" parameter for FWD entries;
*) dns - fixed handling of CNAME entry pointing to another FWD entry;
*) dns - fixed handling of FWD entries where "forward-to" is a hostname;
*) dns - fixed incorrect TTL=0 reporting for cached entries;
*) dns - improved resolved static entry addition to address list;
*) dns - improved service stability when CNAME points to a FWD entry;
*) dns - query upstream DNS servers for other record types even if static entry exists;
*) dns - require "write" policy for DNS cache flushing;
*) dns - respond with lowest TTL for inner queries containing A, AAAA, CNAME chains;
*) filesystem - fixed repartition on devices with containers;
*) firewall - added "set-priority" option for IPv6 mangle firewall;
*) firewall - made "dynamic" parameter settable for IPv4 address lists;
*) hotspot - added "install-hotspot-queue" parameter to control dynamic queue creation;
*) hotspot - fixed maximum allowed connections limitation;
*) hotspot - fixed minor memory leak after each successful login from WEB;
*) hotspot - improved limitation of maximum allowed connections;
*) hotspot - improved system stability when clients migrate between bridge ports or VLANs;
*) ike1 - disallow "remote-id" setting for identity;
*) ike1 - fixed XAuth responder trying to recreate phase 1;
*) ike1 - improved expired IPsec-SA processing;
*) ike2 - added support for ChaChaPoly1305 encryption;
*) ike2 - added support for DH Group 31 (EC25519) (CLI only);
*) ike2 - fixed rekey notify creation;
*) ike2 - improved certificate payload parsing;
*) interface - do not allow adding invalid "veth" interfaces;
*) interface - improved system stability when handling large packets on CCR2216;
*) interface - show RTL8153 CDC Modem Device as ethernet;
*) ipsec - added "current-address" parameter for peers with DNS address;
*) ipsec - added hardware acceleration support for IPQ-6010;
*) ipsec - added support for AVX optimized SHA acceleration;
*) ipsec - improved "H" (hw-aead) flag presence for accelerated SA's;
*) ipsec - improved IKE payload processing;
*) ipsec - improved configuration of IPsec proposal auth-algorithms;
*) ipsec - removed Blowfish and Camellia encryption algorithms for IKE;
*) ipv6 - do not generate LL addresses for VPN interfaces when IPv6 is disabled;
*) ipv6 - do not use invalid/disabled global addresses for IPv6 ND;
*) l2tp - added VRF support for L2TP Ether interfaces;
*) l3hw - fixed host offloading in a case of MAC address change;
*) l3hw - fixed offloaded NAT for CRS309 switch;
*) l3hw - improved system stability when disabling or enabling L3HW offloading;
*) leds - fixed default LED configuration on netFiber 9;
*) leds - fixed turning off LEDs after system shutdown;
*) lte - added AT channel support for Telit FN990;
*) lte - added CA information in 5G mode;
*) lte - fixed error handling on opening AT control channel;
*) lte - fixed new MTU value validation;
*) lte - improved stability when LTE passthrough is enabled on Chateau 5G;
*) lte - properly show leading zeros in MCC and MNC strings;
*) lte - show band number in "ca-band" in NSA mode on Chateau 5G;
*) lte - use RSRP value reported by MBIM signal for MBIM type modems;
*) macsec - fixed packet duplication on Ethernet interface;
*) macsec - fixed packet transmission using traffic-generator;
*) macsec - fixed packet validation;
*) modem - added USB tethering support for Google Pixel 7 devices;
*) mpls - added VPLS LDP information in remote/local-mappings;
*) mpls - fixed assigning of explicit null label for IPv6;
*) netinstall - added "-i " parameter for Netinstall (CLI Linux);
*) netinstall - fixed Netinstall procedure on RouterBOOT versions from 3.27 to 6.41;
*) netinstall - improved automatic netbooting interface selection;
*) netwatch - added support for "https-get" type (CLI only);
*) netwatch - fixed reporting of VRF name in logging messages;
*) netwatch - improved "interval" and "packet-interval" coexistence for ICMP type;
*) ntp - log error message when server is unreachable;
*) ospf - fixed MD5 checksum calculation;
*) ospf - fixed simple authentication and checksums for NBMA and PTMP links;
*) ospf - fixed simple authentication checksum calculation;
*) ospf - fixed virtual-link address selection for PTP links;
*) ovpn - added "CBC" postfix to AES cipher names;
*) ovpn - added "route-nopull" option for client side;
*) ovpn - added hardware acceleration support for IPQ-6010;
*) ovpn - added support for IPv6 tunneling;
*) ovpn - fixed "Called-Station-Id" usage in RADIUS requests;
*) package - fixed missing menus when both "lora" and "wifiwave2" packages are installed;
*) ping - fixed ARP ping;
*) port - added serial port support for Telit FN990 modem;
*) port - do not show unusable USB port on hAP ax^2;
*) port - fixed R11e-LTE6 port mapping;
*) ppp - changed default lease time of dynamic DHCPv6 server to 1 day;
*) ppp - do not inherit routing mark for encapsulated packets;
*) ppp - fixed displaying of "info" command for PPP client;
*) ppp - improved authentication method negotiation;
*) pppoe - improved service stability when establishing PPPoE sessions;
*) quickset - fixed addition of bridge filter rules in bridged mode;
*) quickset - fixed interface list member table on configuration changes;
*) quickset - update DNS server IP address when changing router's IP address;
*) rb4011 - fixed reporting of current CPU frequency and changed default frequency to "auto";
*) sfp - added 2.5G SFP module support for RB5009;
*) sfp - allow usage of "10G Base-LR" mode for XS+31LC10D module;
*) snmp - added support for "lldpRemLocalPortNum" OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - added support for Ed25519 key exchange;
*) ssh - do not allow SHA1 usage with strong crypto enabled;
*) ssh - fixed handling of non standard size RSA keys;
*) supout - added MSTI and mst-override monitor for bridge MSTP;
*) supout - added missing IPv6 firewall sections;
*) switch - avoid packet corruption in some setups for 98DX3257, 98DX3255, 98DX4310, 98DX8525 and 98PX1012 switches;
*) switch - fixed SFP Tx disable when changing auto-negotiation settings for 98DXxxxx and 98PX1012 switches;
*) switch - fixed egress mirror for 98DX4310 and 98DX8525 switches;
*) switch - hide invalid settings for 98DX3255 and 98DX8525 switch chips;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98DX8525, 98PX1012 switches;
*) switch - improved 10G, 25G and 40G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10G, 25G, 40G and 100G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) switch - improved 10Gbps Ethernet interface stability for 98DX8212 switch;
*) switch - improved 25G interface stability for 98PX1012, 98DX4310 and 98DX8525 switches (introduced in v7.6);
*) switch - increased the maximum value of "rate" for ACL rules;
*) swos - fixed "allow-from-ports" setting;
*) swos - fixed SwOS configuration changes from RouterOS;
*) swos - improved default SwOS backup file name;
*) system - allow up to 4GB of RAM allocation per process on x86, ARM64 and TILE;
*) system - improved handling of user policies;
*) timezone - updated timezone information from "tzdata2022g" release;
*) tr069-client - updated data model to version 2.15;
*) traffic-flow - fixed sending of sampling interval;
*) tunnels - added VRF support for EoIP, IPIP and GRE tunnels;
*) vpls - expose VPLS related debug logs to "vpls" logging topic;
*) vrrp - always use slave interface MTU;
*) vrrp - improved interface stability on configuration changes;
*) vxlan - added "local-address" parameter support;
*) vxlan - added VRF support;
*) w60g - improved system stability for Cube Pro devices;
*) webfig - ensure login page is displayed after each log out;
*) webfig - fixed accessing of WebFig when "Interface" menu is disabled by skin;
*) webfig - fixed displaying of VRF routes;
*) webfig - fixed input validation for "VPLS ID" parameter;
*) webfig - fixed setting of "DHCP Option Set" parameter;
*) webfig - improved WEB caching capabilities;
*) webfig - properly detect current location for navigation buttons;
*) webfig - properly show limited number of available options;
*) wifiwave2 - added "datapath" settings to configure data forwarding for an interface (CLI only);
*) wifiwave2 - added "ft-preserve-vlanid" parameter to control whether to change VLAN ID after FT;
*) wifiwave2 - added "provisioning" menu to automatically assign interface configurations to radios (CLI only);
*) wifiwave2 - added disable/enable commands to configuration profile sub-menus (CLI only);
*) wifiwave2 - added information of per-station throughput in the registration table;
*) wifiwave2 - added initial CAPsMAN support (only compatible with wifiwave2 interfaces) (CLI only);
*) wifiwave2 - added interworking/Hotspot 2.0 support (CLI only);
*) wifiwave2 - added more informative log messages on configuration profile changes;
*) wifiwave2 - added option to set per-client vlan-id in access list (only supported on 802.11ax interfaces) (CLI only);
*) wifiwave2 - do not permit a client device to be connected to more than one interface at a time;
*) wifiwave2 - fixed "radio-mac" provisioning matcher;
*) wifiwave2 - fixed 4-way handshake with TKIP;
*) wifiwave2 - improved compliance with regulatory domain information;
*) wifiwave2 - improved general system stability;
*) wifiwave2 - improved system stability when multiple virtual AP are configured;
*) wifiwave2 - properly report interface on which traffic is received when multiple station interfaces are used concurrently;
*) wifiwave2 - released packages for MMIPS, PPC, TILE and x86;
*) wifiwave2 - removed maximum limit for group key update interval and changed the default to 1 day;
*) winbox - added "Active" prefix for current "Circuit ID" and "Cookie Length" fields for L2TP-Ether interfaces;
*) winbox - added "Make Static" button to "IP/DHCP Server/Leases" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on Chateau ax;
*) winbox - added missing "force" parameter for new "IP/DHCP Server/Options" entries;
*) winbox - added missing "vlan-id" column under "IP/Hotspot/Hosts" table;
*) winbox - do not show LACP related status parameters for other bonding types;
*) winbox - fixed default MTU value for CAP interfaces;
*) winbox - fixed minor typo in "Zerotier" menu;
*) winbox - improved handling of large WinBox protocol messages;
*) winbox - increased maximum number of Winbox read-only sessions 5->25;
*) winbox - properly save "Interfaces/Detect Internet/Detect Internet State" menu in session file;
*) winbox - removed bogus VRF tab from "Interface" menu;
*) winbox - show "Switch" menu on Chateau 5G ax;
*) winbox - show "Switch" menu on NetFiber 9;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "USB Power Reset" menu on Chateau 5G ax;
*) winbox - show dynamic comment in WifiWave2 registration table;
*) wireless - fixed "nstreme" related parameter control in skins;
*) wireless - fixed setting of realms interworking parameter if realms-raw is unset;
*) x86 - added support for SUN 10G NICs;
*) x86 - improved igc driver support;
Версия 7.6
2022-10-18
What's new in 7.6 (2022-Oct-17 13:55):
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6
2022-10-18
What's new in 7.6 (2022-Oct-17 13:55):
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.6
2022-10-18
What's new in 7.6 (2022-Oct-17 13:55):
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
*) bgp - added support for BGP advertisement displaying (CLI only);
*) bgp - fixed reporting of session uptime;
*) bgp - improved session establishment speed after bootup;
*) bonding - fixed ARP monitor packets with bond's MAC address;
*) bonding - improved interface stability on slave configuration changes;
*) bonding - reduce "actual-mtu" according to interface "l2mtu";
*) branding - execute "autorun.scr" file when installing branding package;
*) capsman - fixed RADIUS accounting when EAP is used;
*) certificate - fixed SHA1 certificate name lookup;
*) certificate - improved certificate management, signing and storing processes;
*) certificate - restricted maximum retry attempt window for Let's Encrypt certificate to 60 minutes;
*) container - added "start-on-boot" parameter for automatic container startup;
*) container - allow changing container related parameters while it is running;
*) container - fixed usage of non-authenticated registries;
*) dhcpv4-server - fixed matcher functionality;
*) dhcpv4-server - fixed RADIUS accounting for local leases;
*) dhcpv4-server - improved service stability when removing dynamic leases;
*) dhcpv6-client - fixed false error status reporting when server offers T1 or T2 value as 0;
*) dns - added "match-subdomain" option for static entries (CLI only);
*) dot1x - fixed incorrect error when using "mac-auth";
*) ethernet - added "5Gbps" option for speed setting;
*) firewall - added "src/dst-address-type" parameter under "IPv6/Firewall/Mangle" menu;
*) firewall - disable IRC NAT helper on upgrade;
*) firewall - fixed IPv6 filtering with "in/out-interface" matcher that is in VRF;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) firewall - fixed usage of "netmap" action for IPv6 source NAT;
*) health - fixed fan speed and temperature reporting on CCR1072;
*) health - improved voltage reading on RBmAP-2nD;
*) hotspot - fixed service initialization when HTML directory configured on an external disk;
*) hotspot - fixed SSL usage on all HotSpot pages;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "routerboard.com" URL from default HotSpot advertise;
*) interface - added warning when interface has configured "mtu" higher than "l2mtu";
*) ipsec - added "invalid-packets" counter for Installed SA's menu;
*) ipsec - fixed packet processing by hardware encryption engine on MMIPS devices;
*) l3hw - added "l3hw-settings" sub menu under the switch menu;
*) l3hw - added support for IPv6 route offloading (disabled by default);
*) l3hw - fixed "H" flag presence for accelerated connection tracking entries;
*) l3hw - fixed possible packet loss when using HW offloaded NAT;
*) l3hw - improved connected host offloading on startup;
*) l3hw - improved connected IPv6 host offloading when routing table is nearly full for 98DX224S, 98DX226S, and 98DX3236 switch chips;
*) l3hw - improved system stability;
*) l3hw - made route offloading selection work only on unicast;
*) lte - added interface name in MTU debug logging message;
*) lte - added periodic IPv6 RS to trigger IPv6 adress acquisition for non-MBIM modems;
*) lte - added support for Neoway N75-EA;
*) lte - added support to perform FOTA upgrade from local file for EG12-EA, EG18-EA, RG502Q-AE, EG06-A, EP06-A modems;
*) lte - disabled RPLMN on Chateau 5G;
*) lte - fixed at-chat on Telit FN980m;
*) lte - fixed handover from UMTS to LTE when PS activation had failed for MBIM modems;
*) lte - fixed MBIM modem initialization;
*) lte - fixed re-attaching on PS detach for MBIM modems;
*) lte - removed reconnect delay after receiving DETACH notification for MBIM modems;
*) macsec - added configuration support with VLAN, ARP, DHCP and bridge tagging/untagging;
*) macsec - added logging support with "debug" and "dot1x" topics;
*) macsec - added support for MTU and L2MTU;
*) macsec - fixed interface after Ethernet link down;
*) macsec - fixed interface statistics and missing properties;
*) macsec - fixed interface status;
*) macsec - fixed multiple interface creation on different Ethernet ports
*) macsec - improved interface stability;
*) macsec - improved system stability for TILE and RB5009 devices;
*) macsec - removed interface from SMIPS devices;
*) mac-telnet - respect interface MTU setting when sending packets for MAC-Telnet and MAC-WinBox;
*) netwatch - fixed string variable values in script;
*) ntp - improved initial synchronization speed after bootup;
*) ospf - added SHA hashing for authentication;
*) ospf - fixed area "no-summary" setting;
*) ospf - fixed checksum calculation;
*) ospf - fixed displaying of VRF interface in related logs;
*) ospf - fixed transmit of LSA/ACK's on p2p interfaces;
*) ospf - improved logging when invalid configuration is detected;
*) ospf - refresh OSPFv3 interface configuration when IPv6 network becomes available;
*) ovpn - added IPv6 support;
*) ovpn - added VRF support for client;
*) ppp - fixed memory leak;
*) ppp - improved service stability when multiple users disconnect simultaneously;
*) pppoe - fixed MRU negotiation even when it is set to 1500;
*) qsfp - added interface temperature warnings and shutdown;
*) queue - improved stability for CAKE type queues;
*) radius - require "policy" policy for "login" service configuration;
*) rip - fixed passwordless MD5 authentication;
*) route-filter - fixed filtering for multiple community routes;
*) route-filter - fixed memory allocation when moving entries;
*) route - fixed disappearance of inactive static routes after upgrade;
*) route - fixed memory leak;
*) routerboard - return router's short name in "model" parameter;
*) routerboard - set "Delete" as default key to enter booter menu ("/system routerboard upgrade" required);
*) serial - added support for newer PL2303 serial controllers;
*) sfp - improved QSFP/SFP interface stability for 98DXxxxx and 98PX1012 switches;
*) sms - added "status-report-request" parameter for "send" command;
*) sms - fixed handling of SMS send attempts on unsupported modems;
*) snmp - improved retrieval of routing related OID's;
*) snmp - improved stability when receiving bogus packets;
*) ssh - increased key generation timeout;
*) sstp - added VRF support for client;
*) supout - added tr069-client section;
*) supout - removed duplicate "bridge-controller" section;
*) switch - improved traffic forwarding at 5Gbps rate for 98DX8525, 98DX4310 switches;
*) system - renamed error messages when trying to edit or remove dynamic entries;
*) tile - improved system stability when processing packets;
*) tr069-client - do not allow ":" symbols in username;
*) tr069-client - fixed reporting of "X_MIKROTIK_MimoRSRP" parameter;
*) user-manager - accept any username for outer authentication;
*) user-manager - added "comment" parameter for batch user creation;
*) user-manager - added support for multiple accounting sessions;
*) user-manager - added variables to print profile name and end time in voucher templates;
*) user-manager - allow specifying router's address as subnet;
*) user-manager - fixed "migrate-legacy-db" command;
*) user-manager - fixed session expiry when it is stopped by Disconnect-Request;
*) user-manager - forced username verification against client's certificate for EAP-TLS;
*) user-manager - use "Class" attribute to associate user's accounting session;
*) user - removed unused "dude" policy;
*) vrrp - fixed connection tracking synchronization on MMIPS and MIPSBE devices;
*) vxlan - added IPv6 support for remote VTEPs (only IPv4 or IPv6 will be used at the same time, use "vteps-ip-version" property on VXLAN interface to change the version);
*) w60g - improved system stability (introduced in v7.5);
*) webfig - fixed creation of new IPv6 routes;
*) webfig - fixed displaying of "Last Seen" parameter under "IP/DHCP Server/Leases" menu;
*) webfig - fixed hex input for "Host Uniq" field;
*) webfig - fixed unsetting of "endpoint-address" parameter under "WireGuard/Peers" menu;
*) wifiwave2 - fixed enabling of unconfigured interfaces;
*) wifiwave2 - fixed malfunction of WPA3 hash-to-element technique when enabled on multiple interfaces;
*) wifiwave2 - fixed RADIUS accounting after fast-transition;
*) wifiwave2 - fixed "WPA Key Data Length" value in EAPOL frame when FT-EAP-SHA384 AKM is used;
*) winbox - added "Active" prefix for current remote and local session ID fields for L2TP-Ether interfaces;
*) winbox - added "address-list" parameter under "IP/DNS/Static" menu;
*) winbox - added "File Name" option for "Load Config" parameter under "System/SwOS" menu;
*) winbox - added icon for TR069-client menu;
*) winbox - added MACsec support;
*) winbox - added quick filtering option for route list;
*) winbox - added "Rapid Commit" parameter support under "IPv6/DHCP-Server" menu;
*) winbox - added "Reset Traffic Counters" button for all interfaces;
*) winbox - added "type" and "status-report-request" parameters under "Tools/SMS" menu;
*) winbox - allow "timeout" value to be less than 1 under "Tools/Netwatch" menu;
*) winbox - allow to rename mounted disks;
*) winbox - changed order of tabs under "User Manager" menu;
*) winbox - changed "uptime" parameter format when using the wifiwave2 package;
*) winbox - do not show unavailable features on SMIPS devices;
*) winbox - fixed interface traffic graph drawing on RB5009;
*) winbox - fixed maximum allowed value for VRRP's "priority" parameter;
*) winbox - fixed "Session Uptime" value for not established sessions under "Routing/BGP" menu;
*) winbox - fixed "Session Uptime" value under "Routing/BGP" menu;
*) winbox - fixed "System/SwOS" window refreshing after changes are detected;
*) winbox - fixed "User Manager/User Profiles" window refreshing after changes are detected;
*) winbox - made "backup.swb" the default value for SwOS backup;
*) winbox - made sessions removable in "User Manager" menu;
*) winbox - show "F" flag for failed entries under "Interfaces/VRRP" menu;
*) winbox - show "Switch" menu on Chateau LTE18 ax;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireguard - strip whitespaces from keys;
*) wireless - disallowed using "default" as scan list or channel names;
*) wireless - fixed incorrectly applied ingress priority to non-wireless packets;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) www - improved stability when receiving bogus packets;
*) x86 - improved ixgbe driver support;
Версия 7.5
2022-08-31
What's new in 7.5 (2022-Aug-30 12:25):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5
2022-08-31
What's new in 7.5 (2022-Aug-30 12:25):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.5
2022-08-31
What's new in 7.5 (2022-Aug-30 12:25):
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
*) bgp - fixed remote refuse capability options, max prefix limit errors and administrative stop;
*) bgp - improved stability when "default-originate" is configured;
*) bridge - fixed "new-priority" value validation for NAT rules;
*) capsman - added randomized range option for "reselect-interval" parameter (CLI only);
*) certificate - fixed handling of empty AKID by SCEP client;
*) console - fixed automatic command completion with keypress;
*) container - added support for running Docker (TM) containers on ARM, ARM64 and x86 (containers created before v7.4 must be recreated);
*) defconf - fixed loading of default configuration on RB4011 with WifiWave2 package enabled;
*) dhcpv4-server - fixed removal of dynamic leases when server is removed;
*) dhcpv6-client - moved invalid lifetime logging message from "debug" to "error" topic;
*) dhcpv6-client - use /128 prefix for IA_NA addresses;
*) dhcpv6-relay - fixed relay forwarding (introduced in v7.1.5);
*) dhcpv6-server - improved stability when acquiring binding;
*) dns - added "address-list" parameter for static DNS entries (CLI only);
*) dns - added "match-subdomain" option for static entries (CLI only);
*) firewall - added support for RTSP helper;
*) health - fixed "temperature" and "power-consumption" readings on RB1100x4;
*) health - improved voltage reading on CRS112-8P-4S;
*) health - renamed "cpu-temperature" to "switch-temperature" on CRS312-4C+8XG, CRS326-24S+2Q+, CRS354-48P-4S+2Q+, CRS354-48G-4S+2Q+, CRS504-4XQ-IN, CRS518-16XS-2XQ;
*) hostpot - fixed Walled Garden functionality for HTTPS sites;
*) hotspot - automatically reject all HTTPS requests passing through HotSpot server for unauthorized users;
*) hotspot - improved stability when receiving bogus packets;
*) hotspot - limit maximum allowed connections based on free RAM resources;
*) hotspot - removed "https-redirect" option;
*) ike2 - allow sending certificate chain as initiator;
*) interface - fixed default interface naming on RB1100x2;
*) l3hw - fixed HW offloaded NAT;
*) leds - fixed default LED configuration for RBwsAP-5Hac2nD;
*) leds - fixed wireless LED functionality on LHGG;
*) lora - do not ignore negative sign for spoofed GPS coordinates;
*) lte - added at-chat and NMEA port support for Simcom modems, USB composition (device id - 0x9003);
*) lte - added at-chat support for Simcom modems, USB composition (device id - 0x9005);
*) lte - added "SIM not inserted" and "SIM failure" messages to "status" and "monitor" commands for AT modems;
*) lte - changed cell ID info display to short format for 3G connections;
*) lte - disallow empty APN name only for default entry;
*) lte - fixed AT channel for Sierra Wireless modems with device ID 0x9091;
*) lte - fixed LTE interface presence for Telit LN940;
*) lte - fixed UDP performance on MMIPS devices;
*) lte - improved antenna scan for Chateau devices with switchable antennas;
*) lte - improved configuration export when multiple LTE interfaces are present;
*) lte - modem dialer, do not reset dialing sequence if modem reply with error to user set init-string;
*) netinstall - fixed Netinstall procedure for ARM devices;
*) netwatch - automatically start migrated probes from previous RouterOS versions;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) ntp - fixed NTP server when "use-local-clock" is used;
*) ospf - fixed handling of external forwarding address;
*) ospf - improved stability when interface is being disabled during database exchange;
*) ovpn - fixed encryption key renewal process which caused periodic session disconnects;
*) ovpn - improved system stability when hardware acceleration is used on ARM64 devices;
*) ovpn - moved disconnected user logging message from "debug" to "info" topic;
*) ping - improved service stability;
*) port - added support for D-Link DWM-222 in serial/PPP mode (device id - 0xac01/0x7e3d);
*) port - added support for Huawei/ZTE K5006z in serial/PPP mode (device id - 0x1017/0x1018);
*) ppp - improved service stability under high load;
*) ppp - use /32 as default netmask if not specified for "routes" parameter;
*) ptp - improved system stability on CRS devices;
*) quickset - removed PPTP and SSTP server addition for "VPN" checkbox;
*) rb5009 - fixed ether1 status reporting after system reboot;
*) route-filter - fixed "delete bgp-communities" command;
*) routerboard - added "reset-button" script feature for TILE devices;
*) sfp - fixed "eeprom" reading on single SFP port ARM devices;
*) sfp - fixed QSFP+ and QSFP28 interface disable when using breakout cable;
*) sfp - fixed unresponsive "sfp1" interface after disabling "ether1" on NetMetal devices;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+;
*) sfp - improved stability when using 2.5G optical modules in CCR2116, CCR2216 and CRS518;
*) snmp - fixed usage of VRF after system startup;
*) socks - fixed "dst-port" usage when checking access list;
*) ssh - added AES support for PEM decryption;
*) ssh - fixed importing of public keys;
*) ssh - fixed minor typo issue when importing public key;
*) sstp - fixed client stuck in "nonce matching" state;
*) switch - fixed ACL rules for 98DXxxxx switches with more than 28 ports (introduced in v7.3);
*) switch - removed limit for number of hardware-offloaded bonding interfaces;
*) swos - enabled SwitchOS support for CRS310-1G-5S-4S+;
*) swos - fixed SwOS upgrade procedure on CRS305-1G-4S+;
*) traceroute - added "do-not-fragment" parameter support (CLI only);
*) traceroute - increased packet size limit to 65535;
*) vrrp - added "sync-connection-tracking" compatibility with preemption-mode;
*) vrrp - fixed high CPU usage when "sync-connection-tracking=yes" and the backup router goes offline;
*) vrrp - fixed HW offloaded bridge MAC address learning when changing from VRRP master to backup;
*) vrrp - fixed initial connection tracking synchronization, a backup router now always receives all existing connections;
*) vrrp - improved connection tracking synchronization protocol (CTSYNC), the new protocol is incompatible with previous RouterOS versions with "sync-connection-tracking=yes";
*) webfig - allow to specify NTP server as domain name;
*) webfig - fixed displaying of grahs in status pages;
*) webfig - fixed floating point field's negative value in -0.*** format;
*) wifiwave2 - added "sae-pwe" parameter with hash-to-element mechanism for SAE PWE derivation;
*) wifiwave2 - added support for 802.11k;
*) wifiwave2 - disable wireless interface after wireless configuration reset;
*) wifiwave2 - fixed displaying of AKM in scan results;
*) wifiwave2 - fixed duplicated AKM in RSN message;
*) wifiwave2 - fixed group key update for client devices which connect via fast BSS transition;
*) wifiwave2 - fixed incorrect AKM usage for FT-WPA3-EAP-192;
*) wifiwave2 - fixed reassociation response sending for fast transition over DS;
*) wifiwave2 - fixed setting of "ft-nas-identifier" parameter;
*) wifiwave2 - fixed usage of Canada country setting on US locked devices;
*) wifiwave2 - improved default channel width selection for interfaces in station mode;
*) winbox - do not show previously attached LTE interfaces while establishing LTE connection;
*) winbox - enabled all filters by default under "Tools/Torch" menu;
*) winbox - fixed "Enable", "Disable" and "Comment" functions for L2TP-ether type interfaces;
*) winbox - fixed "Next Run" parameter displaying under "System/Scheduler" menu;
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) winbox - show warning messages for BGP connection entries;
*) wireless - fixed interface initialization on x86 devices;
*) x86 - allow downgrading to RouterOS v6 only if it was previously installed;
*) x86 - fixed advertising of 2500M and 5000M link speeds on ixgbe driver;
Версия 7.4.1
2022-08-08
What's new in 7.4.1 (2022-Aug-04 14:48):
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
Версия 7.4.1
2022-08-08
What's new in 7.4.1 (2022-Aug-04 14:48):
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
Версия 7.4.1
2022-08-08
What's new in 7.4.1 (2022-Aug-04 14:48):
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
*) firewall - fixed "in-interface-list" matcher when VRF is used;
*) netwatch - changed ICMP default packet loss fail threshold to 85%;
*) netwatch - fixed usage of "timeout" value in simple mode;
*) sfp - fixed speed mode setting after reinserting SFP module on CRS328-4C-20S-4S+;
*) sfp - improved combo SFP ports initialization handling on CRS312-4C+8XG, CRS328-4C-20S-4S+
*) winbox - fixed "Type" and "Value" field displaying under "System/Health" sub-menu's;
Версия 7.4
2022-07-20
What's new in 7.4 (2022-Jul-19 14:25):
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.4
2022-07-20
What's new in 7.4 (2022-Jul-19 14:25):
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.4
2022-07-20
What's new in 7.4 (2022-Jul-19 14:25):
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Important note!!!
- Container package is not available in v7.4. Development and testing continues in "testing" channel.
Changes in this release:
*) api - fixed comma encoding within URL when using the ".proplist" argument;
*) bridge - properly process IPsec decapsulated packets through the firewall when the "use-ip-firewall" option is enabled;
*) capsman - require a unique name for configuration and configuration pre-sets;
*) certificate - fixed new CRL updating;
*) chr - fixed booting with added additional SCSI disk;
*) cloud - print critical log message when system clock gets synchronized;
*) console - added ":retry" command;
*) console - fixed situation when print output was not consistent;
*) defconf - fixed default configuration loading on devices with WifiWave2 package;
*) dhcp-relay - fixed DHCPv6 relay forward and reply creation (introduced in v7.1.3);
*) dhcp-server - change "vendor-class-id" matcher to generic option matcher;
*) dhcpv4-server - disallowed overriding message type option;
*) dhcpv4-server - log message when user option updates existing option;
*) dhcpv4-server - placed option 53 as the first one in the packet;
*) dns - convert the domain name to lowercase before matching regex;
*) dot1x - fixed "undo" command for server instances;
*) e-mail - added VRF support;
*) filesystem - fixed repartition on RB5009 series devices;
*) firewall - added "srcnat" and "dstnat" flags to IPv6/Firewall/Connection table;
*) firewall - added support for IPv6/Firewall/NAT action=src-nat rules;
*) firewall - fixed IPv6 NAT functionality when processing GRE traffic on TILE devices;
*) firewall - fixed IPv6/Firewall/RAW functionality;
*) firewall - include "connection-mark", "connection-state", and "packet-mark" when packet logging is enabled;
*) firewall - properly handle interface matcher when VRF interface is specified;
*) health - fixed requesting data from sensor when issuing "get" command;
*) health - fixed voltage reporting on some RBmAP-2nD devices;
*) hotspot - fixed ARP resolution for clients when address pool is specified on the server;
*) hotspot - fixed Walled Garden entries with action=deny;
*) ipv6 - fixed system stability when adding/removing IPv6 address;
*) l2tp - improved stability when establishing l2tp-ether connection (introduced in v7.3);
*) ldp - correctly handle AFI selection for usage on dual-stack peers;
*) leds - fixed GPS LED configuration on LtAP LTE kit;
*) leds - fixed LTE signal strength LED configuration on LHGG LTE kit;
*) leds - fixed LTE signal strength LED configuration on LtAP LTE kit;
*) lte - added AT chat support for Dell dw5821e modem;
*) lte - fixed LTE interface running state after modem reconnection;
*) lte - fixed Telit AT interface numbering;
*) lte - improved LTE interface detection for LtAP-2HnD devices;
*) lte - keep MBIM working even if AT channel fails to respond in the initialization stage;
*) lte - request connect with the same IP type as in LTE attach status for MBIM;
*) lte - show current value for "antenna" parameter when auto antenna selection fails;
*) lte - validate LTE attached IP type in MBIM mode;
*) mmips - improved USB device detection after system bootup;
*) mpls - fixed VPLS functionality when PW peer is an immediate neighbor;
*) mpls - improved stability with enabled loop-detect;
*) mqtt - fixed log flooding with disconnect messages;
*) mqtt - fixed socket error handling;
*) netwatch - added support for more advanced probing;
*) ntp - added VRF support for client and server;
*) ntp - fixed manycast server support;
*) ntp - improved "debug" log level logging;
*) ovpn - added "AUTH_FAILED" control message sending;
*) ovpn - fixed "called-station-id" RADIUS attribute value for OVPN server;
*) ovpn - use selected cipher by default when the server does not provide "cipher" option;
*) pimsm - improved system stability when changing configuration;
*) poe - hide "poe-voltage" parameter on devices that do not support it;
*) ppp - do not fail connection when trying to add existing IP address to address list;
*) ppp - log warning message when remote IP address can not be added;
*) ppp - properly try to use different authentication algorithms when Conf-Rej is received during the LCP phase;
*) quickset - specify the "in-interface-list=WAN" attribute on firewall rules created through "Port Mapping";
*) radius - added VRF support for RADIUS client;
*) route - added option to join static IGMP and MLD groups (available in "/routing/gmp" menu);
*) route - expose all valid routes to route select filter from BGP;
*) route - expose all valid routes to route select filter from OSPF and RIP;
*) route - fixed false route type detection as blackhole;
*) route - fixed log messages when changing routing configuration;
*) route - made export run faster on tables with a large number of dynamic routes;
*) route - provide more detailed information about prefixes when using "discourse" tool;
*) route-filter - fixed route select filter rules;
*) routing - moved "/interface bgp vpls" to "/routing bgp vpls" menu;
*) routing-filter - added origin matcher to match for example routes of a specific OSPF instance;
*) routing-filter - fixed regexp community matcher;
*) routing-filter - made "do-jump" work in select rules;
*) rpki - fix potential memory leak;
*) ssh - disable ssh-rsa when strong-crypto=yes and use rsa-sha2-sha256;
*) ssh - fixed host key generation (introduced in v7.3);
*) ssh - implemented "server-sig-algs" extension in order to improve rsa-sha2-sha256 support;
*) switch - disabled second CPU core for CRS328-24P-4S+ device in order to improve SFP+ link stability;
*) switch - fixed multicast flooding when HW offloaded bridge port gets disabled;
*) system - added "shutdown" parameter for reset-configuration (CLI only);
*) system - fixed configuration reset with "run-after-reset" with file stored on ramdisk;
*) upgrade - ignore same version packages during upgrade procedure;
*) upgrade - improved RouterOS upgrade stability with attached USB modem on MIPSBE, SMIPS and MMIPS devices;
*) vpls - improved system stability with enabled connection tracking;
*) vxlan - allow to specify MAC address manually;
*) w60g - fixed interface "reset-configuration" on Cube 60 devices;
*) w60g - improved interface initialization after being inactive for a while;
*) w60g - improved system stability when using mismatched L2MTU between station and AP;
*) webfig - updated WebFig HTML files with the new MikroTik logo and removed Telnet option from index page;
*) webfig - updated link to the WinBox executable;
*) webfig - updated link to the documentation;
*) wifiwave2 - added initial support for roaming (802.11r) between local AP interfaces;
*) wifiwave2 - fixed "frequency-scan" functionality (introduced in v7.3);
*) wifiwave2 - improved WPA3 support stability;
*) winbox - add a log and log-prefix options to IPv6 firewall NAT and mangle rules;
*) winbox - added "name" parameter under "Routing/BGP/Session" menu;
*) winbox - added "to-address" and "to-ports" parameters under "IPv6/Firewall/NAT" menu;
*) winbox - added support for "veth" interface types;
*) winbox - fixed "inactive" flag naming under "MPLS/Local Mapping" menu;
*) winbox - fixed IP/Route and IPv6/Route OSPF type value;
*) winbox - fixed filename dropdown value filtering;
*) winbox - fixed minor typo under "Interface" stats;
*) winbox - fixed units for "reachable-time" parameter under "IPv6/ND" menu;
*) winbox - removed "TLS Host" parameter from "IP/Firewall/NAT" menu;
*) winbox - removed duplicate signal strength column under "Wireless/Registration Table" menu;
*) winbox - removed unused "Apply Changes" button from BGP sessions menu;
*) wireguard - fixed system stability when adding/removing WireGuard interface;
*) wireless - fixed possible traffic flooding to WDS clients when using Nv2 and multicast helper;
*) x86 - fixed Broadcom NIC support;
*) x86 - fixed keep old configuration functionality during x86 setup installation;
*) x86 - improved log warning message on failed downgrade attempt;
*) x86 - removed "hdd-model" information from installation screen;
Версия 7.3.1
2022-06-10
What's new in 7.3.1 (2022-Jun-09 11:58):
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
Версия 7.3.1
2022-06-10
What's new in 7.3.1 (2022-Jun-09 11:58):
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
Версия 7.3.1
2022-06-10
What's new in 7.3.1 (2022-Jun-09 11:58):
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
*) rb3011 - fixed RB3011 going into a reboot loop when the SFP module is present (introduced in v7.3);
*) wifiwave2 - fixed WPA3-PSK authentication incompatibility with certain vendor and model devices;
Версия 7.3
2022-06-07
What's new in 7.3 (2022-Jun-06 11:38):
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.3
2022-06-07
What's new in 7.3 (2022-Jun-06 11:38):
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.3
2022-06-07
What's new in 7.3 (2022-Jun-06 11:38):
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
*) bgp - added "name" parameter for connections;
*) bgp - added initial support for prefix limit;
*) bgp - fixed "keepalive-timeout" value when upgrading from RouterOS v6;
*) bgp - fixed "l2vpn" distribution;
*) bgp - improved stability when editing BGP template;
*) bgp - moved "interface bgp-vpls" menu to "routing bgp vpls";
*) bgp - remove unused commands and parameters;
*) bluetooth - improved long-term service stability;
*) bonding - added "lacp-user-key" setting;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) bridge - added more details for loop detection warning;
*) bridge - do not set VLAN on inactive port with a "set" command;
*) bridge - fixed TCP, UDP port parsing for loop detect warning;
*) bridge - fixed packet marking for IP/IPv6 firewall;
*) bridge - ignore VLAN tagged BPDU;
*) capsman - fixed bridge disabling when using L2 connection;
*) capsman - fixed loss of manager configuration when "package-path" is set to external disk;
*) capsman - improved traffic processing over CAP communication tunnels:
*) ccr - added "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - improved interface link stability on CCR2004-16G-2S+PC;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) chr - fixed Cloud DDNS update after license renewal;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) console - fixed "terminal inkey" command;
*) crs1xx/2xx - improved system stability during switch reset;
*) defconf - do not add passthrough ports to local bridge on CCR2004-1G-2XS-PCIe;
*) dhcpv4-server - added "age" parameter for dynamic leases;
*) dhcpv4-server - fixed conflicting or declined lease detection when IP pool differs from server's configuration;
*) dhcpv4-server - fixed minor logging typo;
*) dot1x - fixed RADIUS State attribute when client is reauthenticated;
*) dot1x - fixed port based VLAN ID assignment on devices without a switch chip;
*) dot1x - improved server stability when using re-authentication;
*) export - fixed value ID exporting that does not refer to any name;
*) fetch - fixed SFTP upload;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved UBIFS stability and data integrity after downgrade to RouterOS v6 and upgrade to RouterOS v7;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - added GPS package support for Chateau devices;
*) gps - fixed minor value unit typo;
*) ipsec - fixed IPsec IRQ initialization on startup on TILE;
*) ipsec - fixed printing of active peer statistics;
*) ipv6 - added "ra-preference" parameter support for RA;
*) ipv6 - fixed dynamic non link-local addresses displaying;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l2tp - added VRF support for L2TP client;
*) l3hw - greatly improved route offloading speed;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved offloading in cases of HW table overflow for CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) l3hw - log HW routes count and the shortest offloaded subnet prefix if the HW memory gets full;
*) l3hw - offload only main routing table;
*) l3hw - optimized offloading when dealing with large volume of directly connected hosts;
*) l3hw - partial routing table offload for Marvell Prestera DX4000/DX8000 switch chip series;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lhgg - improved system stability (introduced in v7.2);
*) lora - do not allow setting non-existing forwarding server;
*) lora - fixed bogus TOO_EARLY errors;
*) lora - removed TX lookup table;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - allow only MCC/NMC format in "operator" parameter;
*) lte - clear SIM values when modem in "stopped" state;
*) lte - disabled extended signal info query for Telit LN940 module;
*) lte - disabled wait for LTE auto attach;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed LTE firwmare upgrade on RBLtAP-2HnD with R11e-LTE6;
*) lte - fixed Sierra MC7455 modem initialization;
*) lte - hide slave interfaces from export;
*) lte - improved LTE interface initialization process on LtAP-2HnD;
*) lte - improved stability when configuring multiple APN's at the same time in MBIM mode;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) mpls - improved LDP AF selection process and behavior;
*) mpls - made LDP bindings work on PPP interfaces;
*) ntp - do not allow setting port number in "server" parameter;
*) ntp - fixed "use-local-clock" behavior when enabling server;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - ignore instance route when originate-default=if-installed is enabled;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - adjusted SHA2 authentication algorithm naming to allow legacy OpenVPN implementations to connect;
*) ovpn - fixed hardware offloading support on CHR;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - fixed server instance not responding to incoming connections after reboot on CHR;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved server stability under continous overload;
*) ovpn - improved service stability when outbound packets are blocked by firewall in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ovpn - moved authentication failure messages to "info" logging level;
*) ovpn - reply with the same IP address that the connection was established to;
*) ping - fixed socket allocation after VRF change;
*) port - do not loose "parity" setting;
*) ppp - added support for VRF;
*) ppp - added warning when using prefix length other than /64 for router advertisement;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) profile - added "wireguard" process classificator;
*) profile - added "zerotier" process classificator;
*) qsfp - reset module only when all ports are disabled;
*) queue - allow to set higher limits than 4G;
*) queue - display warning for CAKE type in simple and tree setups when "bandwidth" parameter is configured;
*) queue - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) resource - fixed CPU type display under system resources for ARM and ARM64;
*) romon - fixed VLAN tagged packet processing;
*) route - fixed "nexthop" table printing;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed IPv6 /127 route nexthop resolution;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) routerboard - fixed USB bus numbering on LtAP and M33G;
*) routerboot - added extra shortcut information on how to boot into etherboot;
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) sfp - added 2.5Gbps rate for SFP+ and QSFP+ interfaces on 98DXxxxx and 98PX1012 switches (requires disabled auto-negotiation);
*) sfp - hide empty monitor values in console;
*) sfp - improved Q/SFP interface initialization and stability for 98DXxxxx and 98PX1012 switches;
*) sfp - improved QSFP/SFP interface initialization for 98DXxxxx switches;
*) smb - fixed SMB2 file list reporting;
*) snmp - added VRF support (CLI only);
*) snmp - added VRF support;
*) snmp - fixed reported disk size when multiple external disks are attached;
*) snmp - hide Vendor ID in DHCP MIB when branding is present;
*) snmp - report "ifSpeed" as 0 if value out of bounds (use "ifHighSpeed" for high speed interfaces instead);
*) ssh - added AES-GCM cipher support;
*) ssh - fail non-interactive client after first invalid password;
*) ssh - fixed corrupt host key automatic regeneration;
*) ssh - fixed private key usage after downgrade;
*) ssh - removed DSA public key authentication support;
*) supout - added IGMP-Proxy section;
*) supout - added NTP servers section;
*) supout - added PIMSM section;
*) supout - added RIP section;
*) supout - added WireGuard section;
*) supout - added simplified IPv4 and IPv6 routing table prints;
*) switch - added option to match source and destination IP addresses in ARP packets for RB5009 (requires mac-protocol=arp setting);
*) switch - fixed missing stats from traffic-monitor for 98DXxxxx and 98PX1012 switches;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed Kernel timer consistency;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) tr069-client - fixed RPC download of "1 Vendor Configuration File" with branding package;
*) tunnels - improved packet handling over EoIP, IPIP and GRE tunnels;
*) upnp - improved stability when processing incomplete HTTP header;
*) user-manager - added "Acct-Interim-Interval" to predefined attribute list;
*) user-manager - improved stability when received EAP attribute with non-existing state attribute;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vpls - fixed TE transport path usage after startup;
*) vrrp - fixed learning of bridged local MAC addreses;
*) w60g - improved stability on Cube 60Pro ac and CubeSA 60Pro ac;
*) webfig - properly show all routing table content;
*) wifiwave2 - fixed VLAN tag handling;
*) wifiwave2 - general stability and throughput improvements;
*) winbox - added "Comment" parameter for BGP templates and connections;
*) winbox - added "Default Cost" parameter under "Routing/OSPF/Area" menu;
*) winbox - added "ra-preference" parameter under "IPv6/ND" menu;
*) winbox - added SKID and AKID parameters under "Certificate" menu;
*) winbox - added missing "IBGP", "EBGP", "Limit Exceeded" and "Stopped" parameters under "Routing/BGP/Sessions" menu;
*) winbox - added missing "Keep Sent Attributes" parameter under "Routing/BGP/Connection" menu;
*) winbox - added missing "Scan List" parameter for W60G interfaces;
*) winbox - added missing BGP session commands;
*) winbox - added support for 2.5Gbps and 100Gbps Ethernet speed options;
*) winbox - added warning message for LTE upgrade process;
*) winbox - do not auto start Wireless Sniffer when opened;
*) winbox - do not show "Session Uptime" parameter under "LTE" menu if not supported by modem;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - fixed "Disconnect Timeout" parameter type under "CAPsMAN" menu;
*) winbox - fixed "IP/Cloud" window refreshing after changes are detected;
*) winbox - fixed "Type" values under "IP/Route" menu;
*) winbox - fixed graph drawing in QuickSet;
*) winbox - fixed hex type values under "User Manager" menu;
*) winbox - fixed minor typo in reboot confirmation prompt;
*) winbox - fixed typo in ZeroTier instance title;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - made "MPLS Interface" table sortable under "MPLS" menu;
*) winbox - made 56 the default ping size;
*) winbox - made wireless access list entries sortable when using the wifiwave2 package;
*) winbox - minimal required version is v3.33;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IP/Firewall" menu;
*) winbox - moved "src-address-list" and "dst-address-list" parameters to "General" tab under "IPv6/Firewall" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - properly load band values under "LTE" menu;
*) winbox - removed obsolete "Routing Table" parameter under "IP/Firewall" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show PVID column by default under "Bridge" menu;
*) winbox - show correct file system type under "System/Disks" menu;
*) winbox - take into account timezone for timed values under "User Manager" menu;
*) wireless - fixed "wmm-support=required" checking;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) x86 - added support for Solarflare SFC1920 NIC;
*) x86 - fixed soft-id reading on virtualized x86 installations (introduced in v7.2);
*) x86 - improved support for Intel E810 NIC;
*) zerotier - added support for Controller configuration;
Версия 7.2.3
2022-05-03
What's new in 7.2.3 (2022-May-02 18:18):
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
Версия 7.2.3
2022-05-03
What's new in 7.2.3 (2022-May-02 18:18):
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
Версия 7.2.3
2022-05-03
What's new in 7.2.3 (2022-May-02 18:18):
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
*) system - fixed RouterOS bootup when wifiwave2 package is installed (introduced in v7.2.2);
Версия 7.2.2
2022-05-02
What's new in 7.2.2 (2022-Apr-28 21:01):
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
Версия 7.2.2
2022-05-02
What's new in 7.2.2 (2022-Apr-28 21:01):
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
Версия 7.2.2
2022-05-02
What's new in 7.2.2 (2022-Apr-28 21:01):
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
*) bgp - added initial support for prefix limit;
*) bgp - improved stability when editing BGP template;
*) bonding - fixed LACP flapping for RB5009 and CCR2004-16G-2S+ devices;
*) ccr - added visible "passthrough" flag for interfaces on CCR2004-1G-2XS-PCIe;
*) ccr - usability and stability improvements for passthrough interfaces on CCR2004-1G-2XS-PCIe;
*) cd-install - allow selecting on which drive to install RouterOS;
*) conntrack - limited full Connection Tracking warning to 1 message per minute;
*) crs3xx - fixed storm rate on 1Gbps interfaces for CRS354 devices;
*) defconf - suggest user to set up new password;
*) dhcpv4-server - fixed minor logging typo;
*) fetch - improved full disk detection;
*) filesystem - fixed possible boot failure on RB850Gx2 and RB1100AHx2;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed minor value unit typo;
*) ipv6 - removed bogus commands from IPv6 neighbors menu;
*) l3hw - improved offloading for directly connected hosts on CRS305, CRS326-24G-2S+, CRS328, CRS318, CRS310;
*) l3hw - improved route table offloading for CRS317, CRS309, CRS312, CRS326-24S+2Q+, CRS354, CRS5xx, CCR2x16 devices;
*) leds - fixed ethernet LED behavior on wAP R ac;
*) leds - fixed wireless related LED behavior with WW2 package;
*) lte - added SMS sending support for MBIM protocol;
*) lte - added support for generic PXA1802 based modems;
*) lte - disabled wait for LTE auto attach;
*) lte - hide slave interfaces from export;
*) lte - improved stability when upgrading LTE firmware on Chateau 5G;
*) mlag - fixed MAC address moving between bridge ports;
*) mpls - do MPLS forwarding for nexthops without mappings;
*) mpls - fixed MPLS MTU and path MTU selection;
*) mpls - fixed MPLS forwarding after any interface configuration parameter is changed;
*) ospf - fixed GRE interface compatibility with OSPF;
*) ospf - improved stability when enabling or removing interface-template entries;
*) ovpn - fixed memory leak on TILE architecture;
*) ovpn - fixed packet processing on MT7621A;
*) ovpn - improved Windows client disconnect procedure in UDP mode;
*) ovpn - improved service stability when processing frequent disconnects in UDP mode;
*) ovpn - improved stability when forwarding traffic on TILE;
*) ping - fixed socket allocation after VRF change;
*) ppp - fixed "remote-ipv6-prefix" parameter unsetting;
*) ppp - fixed active sessions sometimes getting stuck;
*) ppp - fixed issue with multiple active sessions when "only-one" is enabled;
*) queues - improved stability in large list of queue scenarios;
*) rb5009 - fixed 10G linking issues with Intel X520, XXV710 NICs;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed static routes in VRF becoming invalid after reboot;
*) route-filter - fixed community matchers;
*) rsvp-te - improved stability when "Resv" received for non-existing session;
*) supout - added RIP section;
*) system - fixed IP service initialization in VRF after system startup;
*) system - fixed rare partial loss of RouterOS configuration after package upgrade/downgrade/install/uninstall;
*) torch - properly capture all related IPv6 traffic;
*) upnp - improved stability when processing incomplete HTTP header;
*) vpls - fixed "pw-l2mtu" parameter usage;
*) vrf - fixed VRF leaking;
*) winbox - do not show "unknown" area under "Routing/OSPF/LSA" menu;
*) winbox - do not show type value for NXDOMAIN entries under "IP/DNS/Cache" menu;
*) winbox - made "Interface Templates" table sortable under "Routing/OSPF" menu;
*) winbox - properly clean up SFP module information after it is unplugged;
*) winbox - properly clean up disk after a failed file upload;
*) winbox - show PVID column by default under "Bridge" menu;
*) wireless - fixed EAP-TLS authentication;
*) wireless - fixed GUD version in 3gpp information;
*) ww2 - fixed VLAN tag handling;
*) x86 - improved support for i40e driver;
*) x86 - improved support for Intel E810 NIC;
Версия 7.2.1
2022-04-13
What's new in 7.2.1 (2022-Apr-13 09:01):
*) filesystem - improved long-term filesystem stability and data integrity;
*) filesystem - improved long-term filesystem stability and data integrity;
Версия 7.2.1
2022-04-13
What's new in 7.2.1 (2022-Apr-13 09:01):
*) filesystem - improved long-term filesystem stability and data integrity;
*) filesystem - improved long-term filesystem stability and data integrity;
Версия 7.2.1
2022-04-13
What's new in 7.2.1 (2022-Apr-13 09:01):
*) filesystem - improved long-term filesystem stability and data integrity;
*) filesystem - improved long-term filesystem stability and data integrity;
Версия 7.2
2022-04-05
What's new in 7.2 (2022-Mar-31 12:11):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
Версия 7.2
2022-04-05
What's new in 7.2 (2022-Mar-31 12:11):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
Версия 7.2
2022-04-05
What's new in 7.2 (2022-Mar-31 12:11):
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
*) api - accept "Content-Type" with specified charset;
*) arm - fixed "auto" CPU frequency setting;
*) arm - fixed "shutdown" command on hAP ac^2;
*) arm64 - improved Watchdog initiated reboot reason reporting;
*) arm64 - improved low disk space handling condition on upgrade;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) backup - fixed cloud backup's creation timezone;
*) bgp - added BGP advertisements display (requires output.keep-sent-attributes to be set);
*) bgp - do not export default BGP values;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bgp - fixed link-local iBGP address selection;
*) bgp - fixed network advertisement from address-lists after reboot;
*) bgp - fixed routing table and BGP configuration order in export;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) bluetooth - allow to export device, advertiser and scanner configuration;
*) bluetooth - disable scanning by default;
*) bridge - added fast-path and inter-VLAN routing FastTrack support when vlan-filtering is enabled;
*) bridge - fixed FastPath when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter and NAT "set-priority" action;
*) bridge - fixed filter and NAT "set-priority" on ARM64 devices;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed firewall "ingress-priority" matcher and "new-priority=from-ingress" action settings from VLAN tagged frames;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) ccr2004 - improved PCI timeout handling on CCR2004-1G-2XS-PCIe;
*) ccr2004 - improved system stability on CCR2004-12S+2XS;
*) certificate - allow to choose digest algorithm for CSR signing;
*) certificate - made "fingerprint" parameter read-only;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) clock - properly notify all instances about time changes;
*) conntrack - properly detect helper status;
*) console - fixed "print" command with additional "where" condition;
*) console - improved console responsiveness when processing received characters;
*) console - made "password" parameter mandatory when creating a new user;
*) console - properly erase CLI history after configuration reset;
*) console - updated copyright notice;
*) crs1xx/2xx - fixed static switch host addresses after link down;
*) crs1xx/2xx - ignore static bridge host addresses (switch unicast-fdb should be used instead);
*) crs3xx - fixed CPU load balancing for ARM dual core devices;
*) crs3xx - fixed QSFP+ interface LEDs;
*) crs3xx - fixed watchdog timer functionality;
*) crs3xx - improved SFP+ interface linking after reboot for CRS312 device;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - made "192.168.188.1/24" the default LAN IP address for LTE CPE devices;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcp-server - fixed statistics sending in "Accounting Stop" packets;
*) dhcp-server - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) dhcpv4-server - allow adding comments;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset offer counter when receiving offer from DHCP relay;
*) dhcpv6 - added VRF support;
*) dot1x - added "server-fail-vlan-id", "guest-vlan-id" and "reauth-timeout" settings for dot1x server;
*) dot1x - added "src-address", "src-mac-address" and "src-port" settings for dynamic switch rules;
*) dot1x - added NAS-Port-ID attribute for RADIUS Access-Request;
*) dude - fixed The Dude client compatibility with RouterOS v7;
*) dude - fixed The Dude compatibility with ARM64;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) firewall - improved available port lookup for source NAT when free port range is exhausted;
*) graphing - properly generate interface graph for traffic higher than 2.1Gbps;
*) hotspot - fixed login page over HTTPS;
*) hotspot - fixed memory leak on every web page loading;
*) hotspot - fixed web page loading using HTTPS;
*) ike2 - ignore "INITIAL-CONTACT" payload on responder when "send-initial-contact" is disabled;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) ipsec - added hardware acceleration support for CCR2116;
*) ipsec - fixed "identities" menu emptying after RouterOS upgrade/reboot;
*) ipv6 - do not add duplicate dynamic prefix when static already exists;
*) ipv6 - fixed "retransmissit-interval" unit value;
*) ipv6 - fixed VLAN tagged PPPoE packet receiving on RB5009;
*) l2tp - fixed CHAP challenge packet processing over IPsec;
*) l2tp - improved service stability when disabling L2TP server with connected clients;
*) l2tp - improved system stability when processing L2TP control messages;
*) l3hw - added HW offloaded FastTrack support for inter-VLAN routing;
*) l3hw - fixed HW offloaded NAT;
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed ICMP message when routed packet exceeds MTU and DF flag is set;
*) l3hw - fixed bonding source MAC address;
*) l3hw - fixed default route offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved routing table offloading for CRS305, CRS326-24G-2S+, CRS328, netPower, netFiber devices;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) led - fixed LED behavior on Audience;
*) led - reduced LTE signal LED range to -70;
*) leds - fixed user LED on RB750Gr3;
*) log - added warning message when connection tracking table is full;
*) log - include message also in e-mail body;
*) lora - fixed "antenna-gain" parameter unit;
*) lte - add IPv6 address on interface as well;
*) lte - added 3 APN profile support and APN name re-using on R11e-LTE6;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added basic information support for Telit LM960 and LM940 in MBIM mode;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - added support for Uplink CA reporting;
*) lte - changed "CS/PS" registration type from "both" to "any" on R11e-LTE un R11e-LTE6;
*) lte - do not loose "band" configuration after reboot on Chateau 5G;
*) lte - do not show external antenna selector on devices that does not support it;
*) lte - enabled multi-APN and name re-use support for Chateau;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed "monitor" command to not report old info;
*) lte - fixed AT command response handling on R11e-LTE;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed MBIM modem reset on AT timeout;
*) lte - fixed link flapping when loosing cellular signal on R11e-LTE un R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed possible timeouts when sending SMS in LTE only mode on R11e-LTE;
*) lte - fixed support for Sierra MC7710;
*) lte - fixed support for Telit 960;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - improved stability when modem disappears during firmware upgrade;
*) lte - improved support for sending/receiving SMS in LTE only mode on R11e-LTE6;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ntp - improved service stability when none of the NTP servers are reachable for a while;
*) ntp - improved source address usage for reply packets;
*) ntp - print log change time with time-zone applied;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed MD5 authentication;
*) ospf - fixed NBMA hello's not being sent if priority is set to 0;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed default type-3 LSA's not being injected to stub area;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ospf - fixed incorrect LSA types when changing area types;
*) ospf - fixed neighbor election failure;
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - general stability improvements;
*) ospf - improved DB retransmit logging;
*) ospf - improved logging;
*) ospf - improved overall stability;
*) ospf - improved stability for very large LSDB;
*) ospf - improved stability on OSPFv3 instance disabling;
*) ospf - improved stability when DR goes down;
*) ospf - improves stability when handling looped back OSPF packets;
*) ospf - properly set VRF for gateway;
*) ospf - send notifies for neighbors;
*) ovpn - added SHA2 authentication algorithm support;
*) ovpn - added hardware acceleration support for IPQ4018/IPQ4019 and AL* series chipsets;
*) ovpn - added option to send disconnect message in UDP mode;
*) ovpn - fixed large option message parsing;
*) ovpn - improved UDP session handling;
*) ovpn - improved memory allocation on Tile in "ethernet" mode;
*) ovpn - improved system stability in high load scenarios;
*) pimsm - fixed menu prints;
*) pimsm - general stability improvements;
*) poe - fixed PoE driver loading on CRS354-48P-4S+2Q+;
*) poe - update PoE firmware only on devices that support it;
*) ppp - added "comment" option for PPPoE servers;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) ppp - show local and remote IPv6 addresses (CLI only);
*) pppoe - added option to configure "host-uniq" parameter;
*) pppoe - added option to ignore PADI messages with empty service name;
*) pppoe - use default MTU of 1492;
*) pptp - added insecure connection warning;
*) pptp - show insecure connection warning on dynamic interfaces;
*) qsfp - correctly display auto-negotiation status;
*) queue - fixed queued IPv6 traffic considered as "invalid" by Firewall;
*) queue - improved system stability when processing traffic;
*) queue - improved system stability when using more than 255 unique packet marks;
*) rb4011 - fixed jumbo frame processing on SFP+ port when using 1G module;
*) rip - added logging;
*) rip - fixed route metrics;
*) rip - fixed route redistribution;
*) rip - use nexthop with interface;
*) route - allow OSPF and RIP redistributed routes to be matched by routing filters;
*) route - fixed "min-prefix" configuration when set to 0;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed BGP atomic aggregate value;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed ECMP route removal;
*) route - fixed route addition to VRF from BGP;
*) route - fixed router's LSA for PTP networks;
*) route - fixed routing configuration export on SMIPS devices;
*) route - general stability improvements;
*) route - improved routing table print speed;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed "return" action;
*) route-filter - fixed complex matchers with "|| or and &&";
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) route-filters - allow to filter and modify default route if "originate-default" is set to "always";
*) route-filters - fixed possible address list race condition and memory leak;
*) route-filters - renamed "*-set" to "*-list";
*) routerboard - fixed "ether2" interface presence on some RBwAPGR devices;
*) routerboard - fixed WPS button functionality on Audience;
*) routing - added PCAP viewer tool for BGP advertisements debugging purposes;
*) routing-filter - fixed "bgp-*-communities-empty" matcher;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) smb - fixed SMB2.0 disk size reporting;
*) smips - improved RAM allocation;
*) sms - increased "at-chat" timeout when sending SMS;
*) snmp - added SFP vendor name to optical table;
*) snmp - added support for "ipv6AddrPrefixTable" and "ipv6RouteNumber" OID's;
*) snmp - allow two level nesting for vlan, bonding speed query;
*) socks - fixed SOCKS5 support;
*) ssh - fixed forwarding with IPv6 link-local addresses;
*) ssl - fixed CA certificate processing when "subjAltName" is marked as critical;
*) supout - added "port-controller" bridge section;
*) switch - added "rx-overflow" counter for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) switch - improved packet forwarding with enabled "cpu-flow-control" setting between different rate interfaces for 88E6393X (RB5009) and 88E6191X (CCR2004-16G-2S+) switch chips;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) switch - properly limit maximum number of switch rules to 256 on RB5009;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - accept 200-299 codes for HTTP diagnostics;
*) tr069-client - added support for 5G band configuration;
*) tr069-client - added support for wireless "skip-DFS" configuration;
*) tr069-client - added support for wireless client uptime reporting;
*) tr069-client - fixed RPC download of "3 Vendor Configuration File" with branding package;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) traffic-generator - fixed transmit speed for multiple asymmetric streams;
*) upgrade - improved 404 error handling when checking for new versions;
*) upgrade - improved downgrade prompt message;
*) ups - fixed UPS support;
*) usb - fixed display of incorrect port count for USB serial ports;
*) user - removed obsolete "tikapp" policy;
*) user - send "Class" attribute in "Accounting Request" when provided by RADIUS;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) webfig - fixed default configuration popup presence;
*) webfig - fixed user policy lookup for skin designer;
*) wifiwave2 - added "client-isolation" feature;
*) wifiwave2 - added support for handling disconnect request messages from RADIUS servers;
*) wifiwave2 - fixed calling "scan" and "frequency-scan" commands through the API;
*) winbox - added "Disconnect Notify" checkbox to "Interface/OVPN Client" menu;
*) winbox - added "Freq. Usage" and "Scan" buttons for WifiWave2 interfaces;
*) winbox - added "Ignore Missing" selector to "System/Packages" menu;
*) winbox - added "Mode" parameter under "Wireless" menu with WifiWave2 package;
*) winbox - added "Routing Table" parameter for IPv6 routes;
*) winbox - added "TLS Version" parameter for "Interface/OVPN";
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added "comment" parameter to "User Manager/Users" menu;
*) winbox - added "host-uniq" parameter to PPPoE client interface;
*) winbox - added MLAG support;
*) winbox - added SHA256 and SHA512 "Auth" values for OVPN menu's;
*) winbox - added ZeroTier support;
*) winbox - added explicit "Upload" and "Download" names for "Bucket Size" parameters under "Queues" menu;
*) winbox - added interface list support for "IP/Traffic Flow" menu;
*) winbox - added local/remote CPU load parameters for "Bandwidth Test";
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) winbox - added missing "accounting", "interim-update" and "radius-password" parameters under "IP/DHCP Server" menu;
*) winbox - added support for "Tool/Speedtest" menu;
*) winbox - added support for W60G align tool;
*) winbox - allow adding more than 100 tagged/untagged interfaces under "Bridge/VLAN" menu;
*) winbox - allow configuring "VTEP" under "Interface/VXLAN" menu;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - changed "Accept Redirects" parameter type under "IPv6/Settings" menu;
*) winbox - do not require "name" and "file name" parameters for certificate import/export;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - do not show connection tracking table if it has more than 10000 entries;
*) winbox - fixed "00:00:00" time printing;
*) winbox - fixed "Switch" menu on Chateau devices;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed "expires-after" certificate parameter value;
*) winbox - fixed CHR License renewing process;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - fixed content filtering in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed entry order in "Tools/Packet Sniffer/Packets" menu;
*) winbox - fixed error message when adding NTH rule with "0" value;
*) winbox - fixed minor typo under "LTE" interface menu;
*) winbox - fixed switch related settings for MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) winbox - made "9" the default value for "Target" parameter under "IP/Traffic Flow" menu;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - moved IPv4 and IPv6 "Rules" menus under "Routing" menu;
*) winbox - properly limit "Disconnect Timeout" value under "CAPsMAN/Configuration" menu;
*) winbox - properly save "IPv6/Settings" menu in session file;
*) winbox - properly show "v" flag instead of "y" under "IP/Route" menu;
*) winbox - properly update ethernet auto negotiation status on CHR;
*) winbox - properly update server list under "System/NTP Client/Servers" menu;
*) winbox - renamed "Keep user configuration" to "Keep users" under "System/Reset Configuration" menu;
*) winbox - renamed "MBPS" to "Mbps" value unit name in "Tools/Traffic Generator" menu;
*) winbox - renamed "Revoked" parameter to "Revoked Time" under "System/Certificates" menu;
*) winbox - report local terminal session as "local" instead of "telnet";
*) winbox - require existing pool for "Address Pool" parameter under "IPv6/DHCP Server" menu;
*) winbox - require non empty "Packet Mark" value under "Queues" menu;
*) winbox - show "H" flag for offloaded connections in "IP/Firewall/Connections" menu;
*) winbox - show "Lost Ratio" column by default under "Tools/Traffic Generator" menu;
*) winbox - show "Routes" column by default under "PPP/Secrets" menu;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "System/SwOS" menu only on boards that have dual boot;
*) winbox - show additional columns by default for "Wireless" menu with WifiWave2 package;
*) winbox - sort "Address List" parameter values alphabetically in "IP/DHCP Server/Leases" menu;
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) winbox - use "total" as default value for "Tools/Profile";
*) wireguard - allow same peer's public key for different interfaces;
*) wireguard - fixed IPv6 LL address generation;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - made "preshared-key" and "private-key" values sensitive;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - added information about client signal strength to log messages about disconnections;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - fixed frequency range information for IPQ4019 interfaces;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) wireless - improved nv2 link stability;
*) wireless - improved wireless connection stability during background scans;
*) www - fixed "tls-version" for SSL;
*) x86 - added support for Intel E810 NIC;
*) x86 - allow to select disk for install image;
*) x86 - fixed NVME partition path;
*) x86 - fixed VLAN tagged packet transmit;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) zerotier - fixed IPv6 support;
*) zerotier - made MAC and MTU values read-only;
*) zerotier - properly handle IP address change;
Версия 7.11.2
2023-09-01
What's new in 7.11.2 (2023-Aug-31 16:55):
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
Версия 7.11.2
2023-09-01
What's new in 7.11.2 (2023-Aug-31 16:55):
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
Версия 7.11.2
2023-09-01
What's new in 7.11.2 (2023-Aug-31 16:55):
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
*) dhcp - fixed DHCP server "authoritative" and "delay-threshold" settings (introduced in v7.11.1);
Версия 7.11.1
2023-08-31
What's new in 7.11.1 (2023-Aug-30 13:41):
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
Версия 7.11.1
2023-08-31
What's new in 7.11.1 (2023-Aug-30 13:41):
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
Версия 7.11.1
2023-08-31
What's new in 7.11.1 (2023-Aug-30 13:41):
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
*) bridge - fixed fast-path forwarding with HW offloaded vlan-filtering (introduced in v7.11);
*) bridge - fixed untagged VLAN entry disable;
*) bridge - fixed vlan-filtering stability with HW and non-HW offloaded ports (introduced in v7.10);
*) bridge - improved system stability;
*) bridge - improved vlan-filtering bridge stability with CAPsMAN (introduced in v7.11);
*) console - improved stability and responsiveness;
*) dhcp - fixed DHCP server and relay related response delays;
*) ipsec - fixed IPSec policy when using modp3072;
*) lte - fixed startup race condition when SIM card is in "up" slot for LtAP mini;
Версия 7.11
2023-08-15
What's new in 7.11 (2023-Aug-15 09:33):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11
2023-08-15
What's new in 7.11 (2023-Aug-15 09:33):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.11
2023-08-15
What's new in 7.11 (2023-Aug-15 09:33):
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
*) api - disallow executing commands without required parameters;
*) bfd - fixed "actual-tx-interval" value and added "remote-min-tx" (CLI only);
*) bfd - improved system stability;
*) bluetooth - added "decode-ad" command for decoding raw Bluetooth payloads (CLI only);
*) bluetooth - added "Peripheral devices" section which displays decoded Eddystone TLM and UID, iBeacon and MikroTik Bluetooth payloads;
*) bluetooth - added new AD structure type "service-data" for Bluetooth advertisement;
*) bridge - added more STP-related logging;
*) bridge - added warning when VLAN interface list contains ports that are not bridged;
*) bridge - fixed MAC learning on "switch-cpu" port with enabled FastPath;
*) bridge - fixed MSTP BPDU aging;
*) bridge - fixed MSTP synchronization after link down;
*) bridge - prevent bridging the VLAN interface created on the same bridge;
*) certificate - allow to import certificate with DNS name constraint;
*) certificate - fixed PEM import;
*) certificate - fixed trust store CRL link if generated on an older version (introduced in v7.7);
*) certificate - improved CRL download retry handling;
*) certificate - removed request for "passphrase" property on import;
*) certificate - require CRL presence when using "crl-use=yes" setting;
*) certificate - restored RSA with SHA512 support;
*) conntrack - fixed "active-ipv4" property;
*) console - added ":convert" command;
*) console - added default value for "rndstr" command (16 characters from 0-9a-zA-Z);
*) console - fixed incorrect date when printing "value-list" with multiple entries;
*) console - fixed minor typos;
*) console - fixed missing "parent" for script jobs (introduced in v7.9);
*) console - fixed missing return value for ping command in certain cases;
*) console - fixed printing interval when resizing terminal;
*) console - improved flag printing in certain menus;
*) console - improved stability and responsiveness;
*) console - improved stability when canceling console actions;
*) console - improved stability when using fullscreen editor;
*) console - improved timeout for certain commands and menus;
*) console - improved VPLS "cisco-id" argument validation;
*) container - added IPv6 support for VETH interface;
*) container - added option to use overlayfs layers;
*) container - adjust the ownership of volume mounts that fall outside the container's UID range;
*) container - fixed duplicate image name;
*) container - fixed IP address in container host file;
*) defconf - do not change admin password if resetting with "keep-users=yes";
*) dhcp-server - fixed setting "bootp-lease-time=lease-time";
*) discovery - fixed "lldp-med-net-policy-vlan" (introduced in v7.8);
*) dns - improved system stability when processing static DNS entries with specified address-list;
*) ethernet - fixed forced half-duplex 10/100 Mbps link speeds on CRS312 device;
*) ethernet - improved interface stability for CRS312 device;
*) fetch - improved timeout detection;
*) firewall - added warning when PCC divider argument is smaller than remainder;
*) firewall - fixed mangle "mark-connection" with "passthrough=yes" rule for TCP RST packets;
*) firewall - improved system stability when using "endpoint-independent-nat";
*) graphing - added paging support;
*) health - added more gradual control over fans for CRS3xx, CRS5xx, CCR2xxx devices;
*) health - fixed configuration export for "/system/health/settings" menu;
*) hotspot - allow number as a first symbol in the Hotspot server DNS name;
*) ike1 - fixed Phase 1 when using aggressive exchange mode (introduced in v7.10);
*) ike2 - improved SA rekeying reply process;
*) ike2 - improved system stability when closing phase1;
*) ike2 - improved system stability when making configuration changes on active setup;
*) ike2 - log "reply ignored" as non-debug log message;
*) ipsec - fixed public key export (introduced in v7.10);
*) ipsec - fixed signature authentication using secp521r1 certificate (introduced in v7.10);
*) ipsec - improved IKE2 rekey process;
*) ipsec - properly check ph2 approval validity when using IKE1 exchange mode;
*) l3hw - changed minimal supported values for "neigh-discovery-interval" and "neigh-keepalive-interval" properties;
*) l3hw - fixed /32 and /128 route offloading after nexthop change;
*) l3hw - fixed incorrect source MAC usage for offloaded bonding interface;
*) l3hw - improved system responsiveness during partial offloading;
*) l3hw - improved system stability during IPv6 route offloading;
*) l3hw - improved system stability;
*) led - fixed manually configured user LED for RB2011;
*) leds - blink red system-led when LTE is not connected to the network on D53 devices;
*) leds - fixed system-led color for "GSM EGPRS" RAT on D53 devices;
*) lora - added new EUI field;
*) lora - added uplink message filtering option using NetID or JoinEUI;
*) lora - moved LoRa service to IoT package;
*) lora - properly apply configuration changes when multiple LoRa cards are used;
*) lora - updated LoRa firmware for R11e-LR8, R11e-LR9 and R11e-LR2 cards;
*) lte - added "at-chat" support for Dell DW5821e-eSIM modem;
*) lte - added "at-chat" support for Dell DW5829 modem;
*) lte - added "at-chat" support for Fibocom L850-GL modem;
*) lte - added "at-chat" support for SIMCom 8202G modem;
*) lte - added "band" info to the "monitor" command for MBIM modems that support serving cell info reporting over MBIM;
*) lte - added extended support for Neoway N75 modem;
*) lte - fixed Dell DW5821e "at-chat" support;
*) lte - fixed LtAP mini default SIM slot "down" changeover to "up" after an upgrade (introduced in v7.10beta1);
*) lte - fixed NR SINR reporting for Chateau 5G;
*) lte - fixed R11e-LTE, R11e-LTE6 legacy 2G/3G RAT mode selection;
*) lte - fixed Telit LE910C4 "at-chat" support;
*) lte - improved initial interface startup time for SXT LTE 3-7;
*) lte - improved system stability when changing the "radio" state for MBIM modems;
*) lte - only listen to DHCP packets for LTE passtrough interface in auto mode when looking for the host;
*) modem - added initial support for BG77 modem DFOTA firmware update;
*) modem - changed Quectel EC25 portmap to expose DM (diag port), DM channel=0, GPS channel=1;
*) modem - fixed missing sender's last symbol in SMS inbox if the sender is an alphabetic string;
*) mpls - improved MPLS TCP performance;
*) mqtt - added more MQTT publish configuration options;
*) mqtt - added new MQTT subscribe feature;
*) netwatch - added "src-address" property;
*) netwatch - changed "thr-tcp-conn-time" argument to time interval;
*) ovpn - do not try to use the "bridge" setting from PPP/Profile, if the OVPN server is used in IP mode (introduced in v7.10);
*) ovpn - fixed OVPN server peer-id negotiation;
*) ovpn - fixed session-timeout when using UDP mode;
*) ovpn - improved key renegotiation process;
*) ovpn - include "connect-retry 1" and "reneg-sec" parameters into the OVPN configuration export file;
*) ovpn - properly close OVPN session on the server when client gets disconnected;
*) package - treat disabled packages as enabled during upgrade;
*) poe - fixed missing PoE configuration section under specific conditions;
*) poe-out - advertise LLDP power-mdi-long even if no power allocation was requested (introduced in v7.7);
*) pppoe - fixed PPPoE client trying to establish connection when parent interface is inactive;
*) profile - added "container" process classifier;
*) profile - properly classify "console" related processes;
*) qos-hw - keep VLAN priority in packets that are sent from CPU;
*) quickset - correctly apply configuration when using "DHCP Server Range" property;
*) resource - fixed erroneous CPU usage values;
*) rose-storage - added "scsi-scan" command (CLI only);
*) rose-storage - added disk stats for ramdisks;
*) rose-storage - fixed RAID 0 creation;
*) rose-storage - limit striped RAID element size to smallest disk size;
*) route - added comment for BFD configuration (CLI only);
*) route - convert BFD timers from milliseconds to microseconds after upgrade;
*) routerboard - fixed "gpio-function" setting on RBM33G ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboard - removed unnecessary serial port for netPower16P and hAP ax lite devices ("/system routerboard upgrade" required);
*) routerboot - increased etherboot bootp timeout to 40s on MIPSBE and MMIPS devices ("/system routerboard upgrade" required);
*) sfp - fixed incorrect optical SFP temperature readings (introduced in v7.10);
*) sfp - improved interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved optical QSFP interface handling for 98DX8332, 98DX3257, 98DX4310, 98DX8525 switches;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - reduce CPU load due to SFP interface handling for CCR2116, CCR2216, CCR2004-12S+2XS, CRS312, CRS518 devices (introduced in v7.9)
*) sms - increased wait time for modem startup;
*) ssh - fixed host public key export (introduced in v7.9);
*) ssh - fixed private key import (introduced in v7.9);
*) ssh - fixed SSH key agreement on the client side when ed25519 used under server settings;
*) ssh - fixed user RSA private key import;
*) switch - fixed "reset-counters" for "switch-cpu";
*) switch - fixed BPDU packet processing on MT7621, MT7531 with HW offloaded vlan-filtering;
*) switch - improved multicast packet forwarding on MT7621;
*) system - disallow setting a non-existing CPU core number for system IRQ;
*) system - increased maximum supported CPU core count to 512 on CHR and x86;
*) system - reduced RAM usage for SMIPS devices;
*) tftp - improved file name matching;
*) user - added "sensitive" policy requirement for SSH key and certificate export;
*) w60g - improved stability for Cube 60Pro ac and CubeSA 60Pro ac devices;
*) webfig - added option to enable wide view in item list;
*) webfig - fixed "Connect To" configuration changes for L2TP client;
*) webfig - fixed gray-out italic font for entries after enable;
*) webfig - use router time zone for date and time;
*) wifiwave2 - added "steering" parameters and menu to set up and monitor AP neighbor groups (CLI only);
*) wifiwave2 - added more information on roaming candidates to BSS transition management requests (802.11v) and neighbor report responses (802.11k);
*) wifiwave2 - added option to filter frames captured by the sniffer command (CLI only);
*) wifiwave2 - automatically add wifi interfaces to appropriate bridge VLAN when wireless clients with new VLAN IDs connect;
*) wifiwave2 - changed default behavior for handling duplicate client MAC addresses, added settings for changing it (CLI only);
*) wifiwave2 - enabled PMK caching with EAP authentication types;
*) wifiwave2 - fixed "reg-info" information for several countries;
*) wifiwave2 - fixed "security.sae-max-failure" rate not limiting authentications correctly in some cases;
*) wifiwave2 - fixed clearing CAPsMAN Common Name when disabling "lock-to-caps-man";
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - improved stability when changing interface settings;
*) wifiwave2 - improved stability when receiving malformed WPA3-PSK authentication frames;
*) wifiwave2 - make info log less verbose during client roaming (some info moved to wireless,debug log);
*) wifiwave2 - rename "reg-info" country argument from "Macedonia" to "North Macedonia";
*) wifiwave2 - use correct status code when rejecting WPA3-PSK re-association;
*) winbox - added missing status values for Ethernet and Cable Test;
*) winbox - added warning about non-running probe due to "startup-delay";
*) winbox - fixed "Storm Rate" property under "Switch/Port" menu;
*) winbox - fixed BGP affinity display;
*) winbox - fixed default "Ingress Filtering" value under "Bridge" menu;
*) winbox - improved supout.rif progress display;
*) winbox - rename "Group Master" property to "Group Authority" under "Interface/VRRP" menu;
*) wireguard - fixed peer connection using DNS name on IP change;
*) wireguard - fixed peer IPv6 "allowed-address" usage;
*) wireless - ignore EAPOL Logoff frames;
*) x86 - updated e1000 driver;
Версия 7.10.2
2023-07-12
What's new in 7.10.2 (2023-Jul-12 12:45):
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
Версия 7.10.2
2023-07-12
What's new in 7.10.2 (2023-Jul-12 12:45):
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
Версия 7.10.2
2023-07-12
What's new in 7.10.2 (2023-Jul-12 12:45):
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
*) wifiwave2 - fixed interface hangs on IPQ6010-based boards (introduced in v7.9);
Версия 7.10.1
2023-06-27
What's new in 7.10.1 (2023-Jun-27 12:03):
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
Версия 7.10.1
2023-06-27
What's new in 7.10.1 (2023-Jun-27 12:03):
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
Версия 7.10.1
2023-06-27
What's new in 7.10.1 (2023-Jun-27 12:03):
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
*) ovpn - fixed OVPN server peer-id negotiation;
*) webfig - use router time zone for date and time;
Версия 7.10
2023-06-15
What's new in 7.10 (2023-Jun-15 08:17):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10
2023-06-15
What's new in 7.10 (2023-Jun-15 08:17):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.10
2023-06-15
What's new in 7.10 (2023-Jun-15 08:17):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
!) route - added BFD;
*) bgp - allow to filter BGP sessions by AFI;
*) bgp - changed default VPNv4 import distance to iBGP value (200);
*) bgp - do not check route distinguisher on import;
*) bgp - fixed "as-override" and rename to "output.as-override";
*) bgp - fixed "remove-private-as" and rename to "output.remove-private.as";
*) bgp - show address family in advertisements;
*) bgp - show approximate received prefix count by the session;
*) branding - fixed custom logo (introduced in v7.8);
*) bridge - fixed HW offloaded STP state on port disable;
*) bridge - fixed HW offloading for vlan-filtered bridge on devices with multiple switches (introduced in v7.8);
*) bridge - fixed incorrect host moving between ports with enabled FastPath;
*) certificate - fixed displaying of certificate serial number;
*) certificate - improved error reporting for Let's Encrypt certificate;
*) certificate - restore available "key-usage" property options;
*) conntrack - added read-only "active-ipv4" and "active-ipv6" fields to "/ip/firewall/connection/tracking" (CLI only);
*) console - added timeout error for configuration export;
*) console - changed time format according to ISO standard;
*) console - disable output when using "as-value" parameter;
*) console - fixed ":terminal inkey" input when resizing terminal;
*) console - fixed "print without-paging" output in some cases;
*) console - hide past commands with sensitive arguments;
*) console - improved stability when using command completion;
*) container - fixed "container pull" to support OCI manifest format;
*) container - fixed crash due to missing system directories;
*) container - improved default internal environment values;
*) defconf - allow to use device factory preset credentials in Flashfig and Netinstall configuration files;
*) defconf - fixed default configuration for RBSXTLTE3-7;
*) dhcp-server - fixed accounting on RADIUS interim update;
*) dhcpv4-server - added name for "IPv6-Only Preferred" option (108) in debug logs;
*) doh - less verbose logging;
*) firewall - added "endpoint-independent-nat" support;
*) firewall - added "nth" option for IPv6 firewall;
*) gps - expose GPS port for Quectel RM520N-GL;
*) ike2 - improved child SA delete request processing;
*) iot - added option to send Modbus function code commands directly from RouterOS (CLI only);
*) ipsec - added hardware acceleration support for IPQ-5010 (hAP ax lite);
*) ipsec - refactor public key authentication;
*) ipsec - removed "ec2n185" and "ec2n155" values from proposal configurations;
*) ipv6 - fixed IPv6 address removal;
*) l3hw - added "autorestart" option to L3HW settings;
*) l3hw - added advanced configuration options for fine-tuning the L3HW offload (l3hw-settings are cleared after upgrade or downgrade) (CLI only);
*) l3hw - added error message and reset "l3-hw-offloading=no" if L3HW driver fails to start;
*) l3hw - added monitoring options for L3HW utilization (CLI only);
*) l3hw - fixed /32 route deletion;
*) l3hw - fixed IPv6 ECMP route offloading;
*) l3hw - fixed offloading of /32 IPv4 and /128 IPv6 routes;
*) l3hw - fixed route table offloading during large volume of route updates;
*) l3hw - improved host and nexthop offloading;
*) l3hw - improved offloading of IPv6 hosts after L3HW driver restart;
*) l3hw - improved performance of partial offloading;
*) l3hw - improved route offloading after gateway change;
*) l3hw - improved system stability for partial routing table offload;
*) leds - fixed modem RAT mode indication on hAP ac^3 LTE6 WPS mode button LEDs;
*) lora - improved gateway card detection and upgrade logic;
*) lora - updated firmware version for LoRaWAN gateway (for R11e-LoRa8, R11e-LoRa9 cards);
*) lte - added serving cell query for MBIM modems with necessary MBIM extension;
*) lte - disable DHCP request filtering (UDP port 67) for Chateau 5G;
*) lte - fixed APN authentication for R11e-LTE6 modem;
*) lte - fixed Google Pixel 7 tethering support;
*) lte - improved MBIM modem firmware reported error handling when settings RAT modes;
*) lte - improved modem firmware upgrade stability for MBIM modems;
*) lte - improved stability for Chateau 5G LTE modem firmware upgrade;
*) lte - reduced SIM slot switchover time for MBIM modems with UUIC reset support;
*) lte - stop "cell-monitor" on LTE interface configuration change for MBIM modems;
*) mpls - added FastPath support;
*) netwatch - added warning about non-running probe due to "startup-delay" (CLI only);
*) ovpn - added initial support for V2 data transfer protocol;
*) ovpn - improved system stability;
*) poe - fixed bogous "poe-in-voltage" values when using DC jack for RB5009;
*) pppoe - fixed PPPoE client scan when server is sending PADO messages without Service-Name tag;
*) qos-hw - added QoS marking support for 98DXxxxx switches (CLI only);
*) qos-hw - renamed VLAN "priority" field to "pcp" to avoid confusion;
*) rose-storage - added support for multiple smb users and smb shares;
*) route - improved system stability when removing multicast forwarding entries;
*) routerboard - fixed memory test on CCR2116-12G-4S+ ("/system routerboard upgrade" required);
*) routerboard - improved RouterBOOT stability for Alpine CPUs ("/system routerboard upgrade" required);
*) routerboot - increased "preboot-etherboot" maximum value to 30 seconds ("/system routerboard upgrade" required);
*) scheduler - fixed incorrectly started scheduler during reboot or shutdown;
*) sfp - fixed "rate" monitor value for SFP interface on L009UiGS series devices;
*) sfp - fixed combo-ether link monitor for CRS328-4C-20S-4S+ switch;
*) sfp - fixed combo-sfp linking at 1G rate for CRS312 switch;
*) sfp - improved 10G interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 based switches;
*) sfp - improved module compatibility with bad EEPROM data for RB4011, RB5009, CCR2xxx, CRS312 and CRS518 devices;
*) sfp - improved Q/SFP interface stability for 98DX8208, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255, 98PX1012 switches;
*) sfp - improved SFP interface handling for RB4011, RB5009, CCR2xxx and CRS518 devices;
*) sfp - improved system stability with certain SFP modules for CCR2216 and CRS518 devices;
*) sfp - report EEPROM data even if "auto-init-failed" has occurred;
*) smb - improved SMB v1 operation;
*) sniffer - fixed large .pcap file limit;
*) snmp - added "engine-id-suffix" setting and display actual "engine-id" as read-only property;
*) snmp - added BGP peer table support IPv4 only (1.3.6.1.2.1.15.3.1);
*) snmp - added new "mtxrInterfaceStatsTxRx1024ToMax" OID to MIKROTIK-MIB;
*) ssh - added inline key "passphrase" property;
*) ssh - fixed RouterOS SSH client login when using a key (introduced in v7.9);
*) switch - added more precise "storm-rate" configuration options for 98DXxxxx switches (CLI only);
*) switch - fixed storm rate on 10G links for 98DX8208, 98DX8216, 98DX8212, 98DX8332, 98DX3257, 98DX4310, 98DX8525, 98DX3255 switches;
*) system - improved watchdog reporting in log after reboots for several ARM and ARM64 devices;
*) system - reduced RAM usage for SMIPS devices;
*) tile - fixed support for microSD card;
*) tr069 - added 5G SCC "SNR" parameter for modems that report it;
*) upgrade - do not run manual upgrade if some packages are missing;
*) ups - fixed updating of "battery-voltage" property;
*) vrrp - added warning if "sync-connection-tracking=yes" while the global connection tracking is inactive;
*) vrrp - added warning if the VRRP group is misconfigured;
*) vrrp - added warning if VRRP or its interface does not have an IP address;
*) vrrp - do not start connection synchronization if the global connection tracking is inactive;
*) vrrp - fixed issue where disabled VRRP interface is affecting group;
*) vrrp - fixed VRRP interface state on physical cable disconnection;
*) vrrp - improved system stability on changing "group-authority" or "sync-connection-tracking";
*) vrrp - renamed "group-master" to "group-authority" to avoid confusion with VRRP master;
*) vrrp - send VRRP announcements only by "group-authority";
*) w60g - improved interface stability for PTMP setups;
*) webfig - added high-resolution favicon;
*) webfig - allow limitless upper bounds for number range;
*) webfig - allow to set "0" second time for fields with default values;
*) webfig - changed time format according to ISO standard;
*) webfig - display date and time in local time zone;
*) webfig - fixed missing "WifiWave2" menu;
*) webfig - fixed missing property names in "WifiWave2" menu;
*) webfig - redesigned item configuration display;
*) webfig - redesigned top menu bar;
*) webfig - removed "Tools/Telnet" menu;
*) webfig - removed auto-login with default credentials (admin without a password);
*) wifiwave2 - avoid transmitting extra bytes at the end of the packet after stripping a VLAN tag;
*) wifiwave2 - do not show placeholder transmit power values on interface startup;
*) wifiwave2 - fixed CAP connection when provisioning "manager=capsman";
*) wifiwave2 - fixed CAP interface name when using "name-format";
*) wifiwave2 - fixed connectivity issues wheen access-list is used;
*) wifiwave2 - fixed DFS channel availability warning (introduced in v7.9);
*) wifiwave2 - fixed dynamic interface adding to bridge on CAP device;
*) wifiwave2 - fixed inability to disable CAPsMAN when there are RADIUS-authenticated clients connected;
*) wifiwave2 - fixed incorrect limits on number of interfaces in station mode;
*) wifiwave2 - fixed interface name change when restoring backup;
*) wifiwave2 - fixed key handshake timeout with re-associating clients;
*) wifiwave2 - fixed OWE authentication compatibility with 802.11ax client devices;
*) wifiwave2 - fixed OWE authentication compatibility with third-party client devices (introduced in v7.8);
*) wifiwave2 - fixed wireless throughput issues after 802.11r client roaming events on 802.11ac devices;
*) wifiwave2 - improve protections against DoS attacks on WPA3-PSK;
*) wifiwave2 - improved logging when an interface is unable to assign a VLAN tag to client;
*) wifiwave2 - improved system stability when trying to exceed virtual AP limit;
*) wifiwave2 - less verbose logging when WPA3-PSK clients are connecting;
*) wifiwave2 - other system stability improvements;
*) wifiwave2 - restore interface running state when connection to CAPsMAN is lost;
*) winbox - added "MPLS/Settings" menu;
*) winbox - added "Queues" configuration tab when creating new entries under "IPv6/DHCP-Server" menu;
*) winbox - rename "URL" property to "Action data" under "IP/Web-Proxy/Access" menu;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) wireguard - retry "endpoint-address" DNS query on failed resolve;
*) x86 - ice driver update to v1.11.14;
*) zerotier - make "identity" setting sensitive;
Версия 7.1.5
2022-03-22
What's new in 7.1.5 (2022-Mar-22 13:03):
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed "table" menu emptying after RouterOS upgrade;
Версия 7.1.5
2022-03-22
What's new in 7.1.5 (2022-Mar-22 13:03):
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed "table" menu emptying after RouterOS upgrade;
Версия 7.1.5
2022-03-22
What's new in 7.1.5 (2022-Mar-22 13:03):
*) route - fixed "table" menu emptying after RouterOS upgrade;
*) route - fixed "table" menu emptying after RouterOS upgrade;
Версия 7.1.4
2022-03-22
What's new in 7.1.4 (2022-Mar-21 13:23):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
Версия 7.1.4
2022-03-22
What's new in 7.1.4 (2022-Mar-21 13:23):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
Версия 7.1.4
2022-03-22
What's new in 7.1.4 (2022-Mar-21 13:23):
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
*) bgp - fixed VPNv4 route sending to remote peer;
*) bridge - fixed destination NAT when using "use-ip-firewall" setting;
*) bridge - fixed filter rules when using interface lists;
*) bridge - fixed priority tagged frame forwarding when using "frame-types=admit-only-untagged-and-priority-tagged" setting;
*) capsman - improved stability when running background scan on CAP;
*) crs3xx - improved maximum allowed ACL rule calculation;
*) crs3xx - improved system stability when creating many ACL rules on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) l2tp - improved system stability when processing L2TP control messages;
*) lte - made "no" the default value for "use-network-apn" parameter;
*) lte - made "RG502QEAAAR11A06M4G" the last OTA firmware version update for Chateau 5G in RouterOS 7.1.x release tree;
*) ntp - improved source address usage for reply packets;
*) ospf - fixed default route origination when "default-originate=if-installed" "redistribute" is enabled;
*) ospf - fixed incorrect LSA types when changing area types;
*) ppp - added "comment" option for PPPoE servers;
*) queue - improved system stability when using more than 255 unique packet marks;
*) route - fixed ECMP load balancing in FastPath;
*) route - fixed route addition to VRF from BGP;
*) route - fixed routing configuration export on SMIPS devices;
*) route-filters - renamed "*-set" to "*-list";
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) switch - fixed port-isolation misconfiguration detection when using multiple switches;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) ups - fixed UPS support;
*) winbox - added "VPN" tab to "Routing/BGP" menu;
*) winbox - added "VRF" parameter for "SSH" and "Telnet" menus;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) wireguard - allow same peer's public key for different interfaces;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - fixed interface initialization on Metal 2SHPn;
Версия 7.1.3
2022-02-21
What's new in 7.1.3 (2022-Feb-11 21:20):
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
Версия 7.1.3
2022-02-21
What's new in 7.1.3 (2022-Feb-11 21:20):
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
Версия 7.1.3
2022-02-21
What's new in 7.1.3 (2022-Feb-11 21:20):
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
*) bridge - fixed PPPoE packet forwarding when using "use-ip-firewall-for-pppoe" setting;
*) bridge - fixed bridge filter and NAT rules on ARM64 and TILE devices;
*) bridge - fixed filter and NAT "set-priority" action;
*) conntrack - properly detect helper status;
*) crs3xx - fixed watchdog timer functionality;
*) ppp - improved stability when handling large amount of connections simultaneously;
*) sms - increased "at-chat" timeout when sending SMS;
*) switch - improved switch chip initialization process on bootup for CCR2004-16g-2s+ devices;
*) vxlan - allow unsetting "group" and "interface" properties;
*) vxlan - fixed running state after reboot when using "interface" and "group" settings;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireguard - fixed IPv6 traffic processing with multiple peers;
Версия 7.1.2
2022-02-10
What's new in 7.1.2 (2022-Feb-03 16:15):
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
Версия 7.1.2
2022-02-10
What's new in 7.1.2 (2022-Feb-03 16:15):
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
Версия 7.1.2
2022-02-10
What's new in 7.1.2 (2022-Feb-03 16:15):
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
*) bgp - fixed routing table and BGP configuration order in export;
*) bluetooth - disable scanning by default;
*) chr - improved system stability when writing into memory;
*) chr - temporarily suspended downgrade to RouterOS v6;
*) console - updated copyright notice;
*) dhcpv4-server - remove dynamic leases when server configuration is removed;
*) hotspot - fixed web page loading using HTTPS;
*) interface - fixed minor memory leak when interface or connected route is changed;
*) lte - added MAC address and IPv6 LL address persistence after reboot on EG12 and EG18 modems;
*) lte - added class based support for configless RNDIS LTE modems;
*) lte - expose diagnostics channel for all modems;
*) lte - fixed IPv6 address addition after startup on R11e-LTE6;
*) lte - fixed packet forwarding on R11e-4G and R11e-LTE-US;
*) lte - fixed support for Sierra MC7710;
*) lte - improved stability on "+EGMR" response in MBIM mode;
*) lte - properly recognize MBIM modem in USB port as LTE on Chateau 5G;
*) ntp - allow adding duplicate server address if dynamic entry exists;
*) ntp - fixed "use-local-clock" when enabling server;
*) ntp - fixed multicast mode support;
*) ntp - improved IPv6 address support;
*) ospf - added "ptmp-broadcast" interface type (compatible with RouterOSv6 PTMP type);
*) ospf - convert ospf "static" redistribute to "static,dhcp,modem,vpn" after update from RouterOS v6;
*) ospf - fixed external LSA not updating after prefix netmask change;
*) ppp - fixed AT+CPIN chat when SIM PIN is specified;
*) qsfp - correctly display auto-negotiation status;
*) queue - improved system stability when processing traffic;
*) route - fixed "suppress-hw-offload" update;
*) route - fixed router's LSA for PTP networks;
*) route - show OSPF and RIP specific attributes in "/routing route" table;
*) route-filter - fixed incorrect invert-match configuration upgrade from RouterOS v6;
*) route-filter - fixed range conversion after update from RouterOS v6;
*) rpki - made RPKI verify non-strict, introduces new state "unverified";
*) rpki - show expire timer;
*) socks - fixed SOCKS5 support;
*) system - fixed license loss on some RB1100Dx4 and RB4011 devices;
*) tr069-client - added support for wireless client uptime reporting;
*) usb - fixed display of incorrect port count for USB serial ports;
*) vlan - fixed improper VLAN priority addition for routed packets;
*) webfig - do not show side menu if WebFig is disabled by skin;
*) winbox - added "VRF" parameter to "IP/Services" menu;
*) winbox - added MLAG support;
*) winbox - added ZeroTier support;
*) winbox - allow setting "Interface" parameter for 100G LED types;
*) winbox - do not show "Antenna Scan" button on devices that do not support it;
*) winbox - fixed "action" field in "IP/Web Proxy/Access" menu;
*) winbox - fixed address list type parameters in "Routing" menu;
*) winbox - made OSPF interface type names consistent between CLI and GUI;
*) x86 - added support for Intel E810 NIC;
*) x86 - made "no" the default value for "disable-running-check" ethernet parameter;
*) x86 - properly distinguish multiple NICs that share the same PCI bus number;
Версия 7.1.1
2021-12-21
What's new in 7.1.1 (2021-Dec-21 13:53):
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
Версия 7.1.1
2021-12-21
What's new in 7.1.1 (2021-Dec-21 13:53):
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
Версия 7.1.1
2021-12-21
What's new in 7.1.1 (2021-Dec-21 13:53):
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
*) backup - added "force-v6-to-v7-configuration-upgrade" option on backup load to clear RouterOS v7 configuration and trigger reimport of RouterOS v6 route configuration (CLI only);
*) backup - fixed automatic backup generation when resetting configuration;
*) bgp - improvements on detecting peers local address when IPv6 link-local addresses are used;
*) capsman - improved system stability when processing CAP packet by Mangle;
*) dhcpv4-server - allow adding comments;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) l3hw - fixed HW offloaded routing when using 7 or more VLAN interfaces;
*) l3hw - fixed bonding source MAC address;
*) l3hw - improved system stability when using 7 or more VLAN interfaces;
*) ntp - print log change time with time-zone applied;
*) ospf - fixed distance if "originate-default" is set to "always";
*) ospf - fixed neighbor stuck in ExStart;
*) ospf - fixed simple authentication;
*) ospf - improved overall stability;
*) ospf - improves stability when handling looped back OSPF packets;
*) upgrade - improved 404 error handling when checking for new versions;
*) webfig - fixed user policy lookup for skin designer;
*) winbox - made "Routing Filters/Rules" table sortable;
*) winbox - moved "IP/Route/Nexthops" and "IPv6/Route/Nexthops" menus to "Routing/Nexthops";
*) winbox - updated default "Routing/BGP/Peer Cache" table appearance;
Версия 7.1
2021-12-06
What's new in 7.1 (2021-Dec-01 16:07):
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
Версия 7.1
2021-12-06
What's new in 7.1 (2021-Dec-01 16:07):
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
Версия 7.1
2021-12-06
What's new in 7.1 (2021-Dec-01 16:07):
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
MAJOR CHANGES
----------------------
!) updated Linux Kernel based on version 5.6.3;
!) completely new NTP client and server implementation;
!) completely new User Manager implementation;
!) merged individual packages, only bundle and a few extra packages remain;
!) new Command Line Interface (CLI) style (RouterOS v6 commands are still supported);
!) support for Let's Encrypt certificate generation;
!) support for REST API;
!) support for UEFI boot mode on x86;
----------------------
NETWORKING
----------------------
!) CHR FastPath support for "vmxnet3" and "virtio-net" drivers;
!) support for "Cake" and "FQ_Codel" type queues;
!) support for IPv6 NAT;
!) support for Layer 3 hardware acceleration on all CRS3xx devices;
!) support for MBIM driver with basic functionality support for all modems with MBIM mode;
!) support for MLAG on CRS3xx devices;
!) support for VRRP grouping and connection tracking data synchronization between nodes;
!) support for Virtual eXtensible Local Area Network (VXLAN);
----------------------
ROUTING
----------------------
!) completely new BGP implementation with performance improvements;
!) completely new IPv6 stack;
!) completely new MPLS implementation with interface lists, multipath and LDPv6 support;
!) completely new OSPF implementation with performance improvements;
!) completely new routing filtering with script-like rule syntax, RPKI support and large and extended community filtering;
!) support for IPv6 ECMP and VRF (including VRF-lite);
!) support for IPv6 recursive routing and policy routing;
----------------------
VPN
----------------------
!) support for L2TPv3;
!) support for OpenVPN UDP transport protocol;
!) support for WireGuard;
!) support for ZeroTier on ARM and ARM64 devices;
----------------------
WIRELESS
----------------------
!) completely new alternative wireless package "wifiwave2" with 802.11ac Wave2, WPA3 and 802.11w management frame protection support (requires ARM CPU and 256MB RAM);
----------------------
Версия 6.9
2014-01-31
What's new in 6.9 (2014-Jan-31 11:18):
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
Версия 6.9
2014-01-31
What's new in 6.9 (2014-Jan-31 11:18):
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
Версия 6.9
2014-01-31
What's new in 6.9 (2014-Jan-31 11:18):
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
Версия 6.9
2014-01-31
What's new in 6.9 (2014-Jan-31 11:18):
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
*) lcd - added option to change the color-scheme;
*) updated bootloader firmware;
*) ppp: fixed RADIUS accounting;
*) ppp: fixed IPV6-Prefix assigning;
*) ppp: fixed dial-on-demand;
Версия 6.7
2013-12-02
What's new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
Версия 6.7
2013-12-02
What's new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
Версия 6.7
2013-12-02
What's new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
Версия 6.7
2013-12-02
What's new in 6.7 (2013-Nov-29 13:37):
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
*) support Android usb tethering interface;
*) ipsec - added aes-gcm icv16 encryption mode;
*) wireless - improve rate selection for nstreme protocol
*) poe - new poe controller firmware for RB750UP and OmniTIK UPA;
*) ipsec - added aes-ctr encryption mode;
*) leds - inverted modem signal trigger, now it will trigger when the signal
level rises above the treshold;
*) ipsec - added sha256 and sha512 support;
*) ipsec - proposal defaults changed to aes-128 and sha1 for both phase1 and phase2;
*) certificate - support ip, dns and email subject alternative names;
*) dhcpv4 server - added REMOTE_ID option variable for relayed packets;
*) ipsec - fix policy bypass on IPv6 gre, ipip, eoip tunnels when policy
uses protocol filter;
*) userman - fix crash on tilera;
*) fixed hairpin nat on bridge with use-ip-firewall=yes;
*) fixed vlan on bridge after reboot having 00:00:00:00:00:00 mac address;
*) address-list - allow manually adding timeoutable entries;
*) address-list - show dynamic entry timeout;
*) fixed l2mtu changing on CCRs - could cause port flapping;
*) disabling/enabling ethernet ports did not work properly on CCRs,
could cause port flapping;
*) fixed port flapping on CCR - could happen when having other than
only-hardware-queue interface queue.
Note that having other interface queue than only-hardware-queue
dramatically reduces performace, so should be avoided if possible;
Версия 6.6
2013-11-08
What's new in 6.6 (2013-Nov-07 13:04):
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
Версия 6.6
2013-11-08
What's new in 6.6 (2013-Nov-07 13:04):
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
Версия 6.6
2013-11-08
What's new in 6.6 (2013-Nov-07 13:04):
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
Версия 6.6
2013-11-08
What's new in 6.6 (2013-Nov-07 13:04):
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
*) winbox - fixed problem where all previous session opened windows were read only;
*) certificate - no more 'reset-certificate-cache' and 'decrypt' commands,
private keys can be decrypted only on 'import', use 'decrypt'
before upgrade if needed;
*) fixed arp-reply only with more than one ip address on interface;
*) fixed RB400 not to reboot by watchdog during micro-sd format;
*) web proxy - fix SPDY server push handling;
*) certificate - merged '/certificate ca issued', '/certificate scep client' and
'/certificate templates' into '/certificate';
*) console - :foreach command can iterate over keys and values in an array,
by specifying two counter variables, e.g.:
:foreach k,v in=[/system clock get] do={:put "$k is $v"};
*) added support for new Intel 10Gb ethernet cards (82599);
*) certificates - fixed certificate import;
*) wireless - fixed crash when dfs was enabled on pre-n wireless cards;
*) fixed port flapping on CCR;
Версия 6.5
2013-10-17
What's new in 6.5 (2013-Oct-16 15:32):
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
Версия 6.5
2013-10-17
What's new in 6.5 (2013-Oct-16 15:32):
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
Версия 6.5
2013-10-17
What's new in 6.5 (2013-Oct-16 15:32):
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
Версия 6.5
2013-10-17
What's new in 6.5 (2013-Oct-16 15:32):
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
*) tftp - added data packet pipelining for read requests;
*) console - exported physical interface configuration uses 'default-name'
instead of item number to match relevant interface;
*) console - report all constituent errors for parameters with multiple
alternative value types;
*) certificates - merge '/certificate ca' into '/certificate',
use set-ca-passphrase to maintain CA functionality;
*) lcd - backlight option is replaced with "/lcd backlight" command
*) dhcp server - added option to disable conflict-detection;
*) console - ':return' does not trigger 'on-error=' action of ':do' command;
*) route - fixed crash that could be triggered by change in nexthop
address resolution;
*) route - some imported VPNv4 routes were not using MPLS labels;
*) route - imported VPNv4 routes were not always updated or removed when
the original route changed;
*) winbox - fixed problem where all settings were read only on first open;
*) ovpn server - use only ciphers that are allowed not that client requested;
*) ssh client - fixed public key authentication;
*) ipsec - fix peer mathing with non byte aligned masks;
*) fix routerboot upgrading if RouterOS is partitioned;
*) add support for second serial port on CCR boards;
*) fix serial port baudrate selection on CCR boards;
*) ethernet interface stats that are behind switch chip
show real hw stats instead of just the traffic that goes through cpu;
Версия 6.49.9
2023-08-25
What's new in 6.49.9 (2023-May-30 14:46):
(factory only release)
(factory only release)
Версия 6.49.9
2023-08-25
What's new in 6.49.9 (2023-May-30 14:46):
(factory only release)
(factory only release)
Версия 6.49.9
2023-08-25
What's new in 6.49.9 (2023-May-30 14:46):
(factory only release)
(factory only release)
Версия 6.49.7
2022-10-13
What's new in 6.49.7 (2022-Oct-11 17:37):
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Версия 6.49.7
2022-10-13
What's new in 6.49.7 (2022-Oct-11 17:37):
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Версия 6.49.7
2022-10-13
What's new in 6.49.7 (2022-Oct-11 17:37):
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
*) branding - fixed execution of "autorun.scr" file when installing branding package (introduced in v6.47);
*) routerboot - prevent enabling "protected-routerboot" on unsupported factory firmware versions;
*) routerboot - properly reset system configuration when protected bootloader is enabled and reset button used;
*) system - improved handling of user policies;
*) wireless - fixed disconnection of connected client while running background scan on wAP ac and wAP R ac devices;
*) wireless - fixed missing wireless interface on some RB921GS-5HPacD devices;
Версия 6.49.6
2022-04-19
What's new in 6.49.6 (2022-Apr-07 17:53):
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
Версия 6.49.6
2022-04-19
What's new in 6.49.6 (2022-Apr-07 17:53):
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
Версия 6.49.6
2022-04-19
What's new in 6.49.6 (2022-Apr-07 17:53):
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
*) led - fixed wireless signal strength led on Cube Lite60;
*) routerboot - fixed packet receiving in etherboot on Wireless Wire nRAY;
*) winbox - added missing "3GGP RAW" parameter under "Interface/Wireless/Interworking Profile" menu;
*) wireless - fixed GUD version in 3gpp information;
Версия 6.49.5
2022-03-16
What's new in 6.49.5 (2022-Mar-14 13:31):
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
Версия 6.49.5
2022-03-16
What's new in 6.49.5 (2022-Mar-14 13:31):
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
Версия 6.49.5
2022-03-16
What's new in 6.49.5 (2022-Mar-14 13:31):
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
*) defconf - fixed invalid default password setting after configuration reset (introduced in v6.49.4);
*) sfp - improved SFP module detection on CRS106 and CRS112;
Версия 6.49.4
2022-03-02
What's new in 6.49.4 (2022-Feb-25 09:33):
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
Версия 6.49.4
2022-03-02
What's new in 6.49.4 (2022-Feb-25 09:33):
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
Версия 6.49.4
2022-03-02
What's new in 6.49.4 (2022-Feb-25 09:33):
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
*) capsman - improved stability when running background scan on CAP;
*) lora - fixed "antenna-gain" parameter unit;
*) ssl - disabled RC4 and 3DES ciphers for "www-ssl", "www-api" and OVPN services;
*) traffic-flow - do not handle NAT events when "nat-events" is disabled;
*) wireless - added "3gpp-info" parameter to interworking configuration;
*) wireless - added EAP-AKA to interworking's realm configuration;
*) wireless - correctly preserve WMM priority when receiving packets;
*) wireless - updated "philippines" regulatory domain information;
Версия 6.49.3
2022-02-15
New RouterOS 6.49.3 (Dec/22/2021 13:49:22):
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
Версия 6.49.3
2022-02-15
New RouterOS 6.49.3 (Dec/22/2021 13:49:22):
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
Версия 6.49.3
2022-02-15
New RouterOS 6.49.3 (Dec/22/2021 13:49:22):
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
*) bridge - improved system stability when initialising bridge interface
*) console - updated copyright notice;
*) defconf - fixed secondary-frequency configuration;
*) ethernet - improved system stability when receiving large packets on devices with 88F3720 CPU (nRAY, LHGG);
*) led - fixed default LED configuration for CubeG-5ac60ad;
*) netinstall - fixed x86 installation process;
*) socks - fixed SOCKS5 support;
*) upgrade - improved 404 error handling when checking for new versions;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for OmniTik 5, Metal 52 ac, and GrooveA 52 devices;
*) x86 - fixed downgrade from RouterOS v7.1.2 and above;
Версия 6.49.2
2021-12-06
What's new in 6.49.2 (2021-Dec-03 14:53):
*) device-mode - improved flagged router configuration detection;
*) device-mode - improved flagged router configuration detection;
Версия 6.49.2
2021-12-06
What's new in 6.49.2 (2021-Dec-03 14:53):
*) device-mode - improved flagged router configuration detection;
*) device-mode - improved flagged router configuration detection;
Версия 6.49.2
2021-12-06
What's new in 6.49.2 (2021-Dec-03 14:53):
*) device-mode - improved flagged router configuration detection;
*) device-mode - improved flagged router configuration detection;
Версия 6.49.1
2021-11-17
What's new in 6.49.1 (2021-Nov-17 10:06):
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
Версия 6.49.1
2021-11-17
What's new in 6.49.1 (2021-Nov-17 10:06):
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
Версия 6.49.1
2021-11-17
What's new in 6.49.1 (2021-Nov-17 10:06):
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
MAJOR CHANGES IN v6.49.1:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
Changes in this release:
*) certificate - improved stability when sending bogus SCEP message;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) health - improved temperature reporting;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) leds - fixed LTE LED default mapping for LHGG;
*) lte - improved RSSI reporting on R11e-LTE6;
*) routerboot - enabling "protected-routerboot" feature requires a press of a button;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
*) sstp - fixed client stuck in "nonce matching" state;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) traffic-flow - added systematic count-based packet sampling support;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - added "Modbus" menu support;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
*) wireless - fixed frequency range information on IPQ4019;
Версия 6.49
2021-10-07
What's new in 6.49 (2021-Oct-06 11:55):
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49
2021-10-07
What's new in 6.49 (2021-Oct-06 11:55):
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.49
2021-10-07
What's new in 6.49 (2021-Oct-06 11:55):
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
*) branding - fixed LCD logo loading from branding package when installed via Netinstall;
*) branding - properly clean up old branding files before installing a new one;
*) bridge - added IGMP and MLD querier monitoring;
*) bridge - added IGMP snooping log when multicast table gets full;
*) bridge - fixed external flag in the host table for wireless clients;
*) bridge - improved controller bridge stability when adding RouterOS v7 port extender;
*) bridge - improved port extender stability when creating bond interfaces on excluded ports;
*) bridge - improved stability when quickly adding and removing bridge interface;
*) certificate - improved stability when removing dynamic CRL entries;
*) chr - fixed OS provisioning on Azure;
*) chr - improved stability when changing "flow-control" settings on interfaces with e1000 drivers;
*) conntrack - increased total connection tracking table size based on installed RAM size;
*) console - require "write+ftp" permissions for executing script to file;
*) console - require "write+ftp" permissions for printing to file;
*) crs3xx - correctly filter packets by L2MTU on 1Gbps Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed LEDs for QSFP+ interface on CRS326-24S+2Q+ device;
*) crs3xx - fixed SFP and SFP+ link rate reporting (introduced in v6.48beta11);
*) crs3xx - fixed bridge controller and extender packet forwarding for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed interface flow control;
*) crs3xx - improved QSFP+ linking and mode changing for CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved packet transmit on SFP+ interfaces;
*) crs3xx - improved switch resource allocation for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - apply default configuration from branding package when performing reset with button;
*) defconf - removed overlapping IPv6 firewall rules;
*) defconf - use router as DNS server for DHCP hosts;
*) dhcp-server - fixed DHCP Option decimal value parsing;
*) dhcpv4-server - reset dynamic "bcast" flag when receiving offer from DHCP relay;
*) dhcpv4-server - reset lease's dynamic "bcast" flag on packets from relay;
*) dhcpv6-server - check if pool name has changed from RADIUS on renew;
*) dhcpv6-server - improved dynamic server entry update;
*) discovery - do not send discovery packets on interfaces that are blocked by STP (introduced in v6.48);
*) dns - fixed memory leak caused by large DNS replies;
*) firewall - fixed "ingress-priority" matcher;
*) firewall - fixed GRE protocol packets considered invalid when PPTP helper is disabled;
*) gps - improved interface monitoring;
*) health - added "phy-temperature" sensor monitoring for CRS312 device;
*) health - improved temperature readings on hEX S;
*) health - improved temperature reporting;
*) ike2 - added support for ASN.1 DN "my-id" value setting for initiators;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ike2 - fixed initiator packet retransmit with DDOS cookie;
*) ipsec - fixed memory leak when processing DHCP packets;
*) ipsec - improved SA update by SPI;
*) ipsec - improved system stability on CHR;
*) ipsec - improved system stability on MMIPS devices;
*) kid-control - improved IPv6 firewall rule generation;
*) led - added LTE LED support for LHGGR;
*) leds - fixed LTE LED default mapping for wAP R ac LTE kit;
*) lora - added additional predefined network servers;
*) lora - added channel plan "il-917" for Israel;
*) lora - fixed "PULL_DATA" token generation;
*) m33g - improved support for "/system gpio" menu ("/system routerboard upgrade" required);
*) m33g - removed 12..16 pins from "/system gpio" menu;
*) mipsbe - improved booting speed on non-NAND devices ("/system routerboard upgrade" required);
*) mpls - allow to disable FastPath (CLI only);
*) mqtt - added server name indication;
*) netinstall - fixed lock file persistence after reinstall;
*) netinstall - improved bootp packet handling on Linux netinstall-cli version when multiple NIC's are present;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) ntp - use correct IPv6 multicast group for SNTP client;
*) package - always allow to uninstall package even if there is no free disk space left;
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) routerboard - fixed "reformat-hold-button-max" validation for values below 10s;
*) sfp - added "sfp-rate-select" setting;
*) sfp - fixed GPON module linking (introduced in v6.47);
*) sfp - improved 25Gbps optical module stability and linking;
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp - improved link stability for 10G, 25G and 40G modules on CRS309, CRS312, CRS326-24S+2Q+ CRS354 and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) snmp - added "engine-id" OID support;
*) snmp - fixed "ipNetToMediaType" OID for incomplete entries;
*) ssh - fixed "undo" functionality;
*) supout - added controller bridge section;
*) supout - print detailed list of active user sessions;
*) switch - fixed (R/M)STP port blocking right before switching them in HW bridge (fixes possible packet loop when changing bridge settings);
*) switch - improved packet transmit between CPU and 98PX1012 for CCR2004-1G-12S+2XS device;
*) swos - fixed "static-ip-address" parameter;
*) tr069-client - added "X_MIKROTIK_LinkDowns" parameter for interface "link-downs" value reporting;
*) tr069-client - added support for Ethernet link speed reporting;
*) tr069-client - added support for interface comment reporting and editing;
*) tr069-client - added support for supout file upload;
*) tr069-client - fixed traceroute diagnostics time values;
*) tr069-client - improved XML with new-lines for readable output;
*) tr069-client - improved stability for download/upload diagnostics;
*) upgrade - fixed free space checking on flash type memories when installing new packages;
*) ups - added battery info for APC Back-UPS BX750MI;
*) user - added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) user - fixed active user session purging on disconnect;
*) user - show "expired password" prompt for users with blank password;
*) w60g - general stability and performance improvements;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) webfig - added support for logo image from branding package;
*) webfig - do not show value units twice;
*) webfig - fixed "Wireless/CAP" menu opening;
*) webfig - fixed interface sorting by name;
*) webfig - show only "Close" button under "Wireless/Wireless Sniffer/Sniffed Packets" menu;
*) winbox - added "dhcp" option to "multicast-helper" setting;
*) winbox - added "fec-mode" parameter under "Interface/Ethernet" menu;
*) winbox - added "interface-speed-100G" LED type to "System/LEDs" menu;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - added "sfp-shutdown-temperature" setting to SFP interfaces;
*) winbox - added SSH settings under "IP/SSH" menu;
*) winbox - added TFTP settings under "IP/TFTP/Settings" menu;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to add/remove W60G interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - fixed "Secondary Frequency" parameter setting under "CAPsMAN/Channel" menu;
*) winbox - fixed DNS "cache-size" parameter setting;
*) winbox - fixed health reporting on RB960, hEX, hEX S and hAP ac3 devices;
*) winbox - fixed order of weekdays under "IP/Firewall" menu;
*) winbox - fixed support for "Delegated-IPv6-Prefix" for PPP services;
*) winbox - match "MAC Protocol-Num" predefined values under "Bridge/Filters" menu;
*) winbox - minimal required version is v3.30;
*) winbox - properly show "CRL Signature" field under "System/Certificate" menu;
*) winbox - separated CCQ Tx and Rx values in their own unique columns;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) winbox - show IPv6 address in separate field under "IP/Cloud" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
*) wireless - added override for multicast-to-unicast translation of DHCP traffic;
*) wireless - do not remove channels >2462 MHz from "scanlist" if scanning for fixed channel;
*) wireless - do not send packet back to station-bridge it was received from;
*) wireless - fixed minor typo in debug logging messages;
*) wireless - improve WMM priority assignment for packets with internal priority greater than 7;
*) wireless - improve regulatory compliance with DFS requirements;
*) wireless - improve signaling of QCA9984 interface capabilities when using 160/80+80MHz channel width;
*) wireless - improved system stability when sending packets through interface after L2MTU is increased;
*) wireless - log client signal strength on disconnect;
*) wireless - renamed "secondary-channel" to "secondary-frequency";
*) wireless - updated "israel" regulatory domain information;
*) wireless - updated "united kingdom" regulatory domain information;
Версия 6.48.4
2021-08-23
What's new in 6.48.4 (2021-Aug-18 06:43):
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
Версия 6.48.4
2021-08-23
What's new in 6.48.4 (2021-Aug-18 06:43):
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
Версия 6.48.4
2021-08-23
What's new in 6.48.4 (2021-Aug-18 06:43):
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
*) branding - fixed missing branding skins if "skins" folder does not exist;
*) bridge - added MAC and IP source addresses information for DHCP snooping log;
*) bridge - fixed "vlan-encap" setting for filter and NAT rules;
*) bridge - improved system stability when using IGMP snooping and changing bridge MAC address;
*) capsman - use Bits instead of Bytes for "ap-tx-limit" and "client-tx-limit" parameters;
*) crs3xx - fixed unknown multicast flood to CPU when IGMP snooping is used;
*) crs3xx - improved system stability when increasing interface L2MTU for CRS318 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed minor typo in configuration description;
*) dhcpv6-server - fixed false missing IPv6 Pool warning for dynamic bindings;
*) dns - fixed CNAME query when target record is not in cache;
*) dns - fixed cache memory leak when resolving CNAME domains;
*) health - fixed voltage monitor on BaseBox5 devices;
*) health - improved temperature reporting;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) leds - fixed "/system leds" menu on RBLHG-2nD;
*) lora - added additional predefined network servers;
*) lte - added support for Sharp 809SH;
*) routerboard - fixed "reset-button" on hAP ac;
*) system - improved stability when receiving bogus packets;
*) telnet - fixed "routing-table" parameter usage;
*) w60g - improved stability in low temperature environments;
*) webfig - do not show "units" twice in multi list entries;
*) winbox - added "Cloud Backup" options under "Files" menu;
*) winbox - added "interworking-profile" parameter under "Wireless" menu;
*) winbox - added support for PTP;
*) winbox - do not show "Functionality" field for LTE interface if it is not provided;
*) winbox - fixed "Switch" menu on RBwAPG;
*) winbox - fixed "vid" parameter under "Bridge/Hosts" menu;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac^3;
*) wireless - added U-NII-2 support for US and Canada country profiles for hap ac, hAP ac^3 LTE6, Audience and Audience LTE6;
*) wireless - updated "israel" regulatory domain information;
Версия 6.48.3
2021-05-26
What's new in 6.48.3 (2021-May-25 06:09):
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.48.3
2021-05-26
What's new in 6.48.3 (2021-May-25 06:09):
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.48.3
2021-05-26
What's new in 6.48.3 (2021-May-25 06:09):
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.48.3:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) branding - added option to upload custom files (newly generated branding package required);
*) console - do not clear environment values if any global variable is set;
*) crs3xx - fixed Ethernet LEDs after reboot for CRS354 devices;
*) crs3xx - fixed VLAN priority removal for CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved LACP linking between CRS3xx series switches;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48);
*) dot1x - fixed MAC authentication fallback (introduced in v6.48);
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) package - added new "iot" package with Bluetooth (KNOT only) and MQTT publisher support;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) ssh - return proper error code from executed command;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) webfig - fixed "PortMapping" button (introduced in v6.48.2);
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.48.2
2021-04-13
What's new in 6.48.2 (2021-Apr-09 10:17):
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
Версия 6.48.2
2021-04-13
What's new in 6.48.2 (2021-Apr-09 10:17):
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
Версия 6.48.2
2021-04-13
What's new in 6.48.2 (2021-Apr-09 10:17):
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) bonding - improved system stability when disabling/enabling bonding ports;
*) bridge - improved bridge stability when host changes port (introduced in v6.47);
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed packet transmit in 5Gbps link rate for CRS312 device;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) dhcp - fixed link state checking for DHCP client;
*) ethernet - fixed cable-test for some devices (e.g. RB2011, RB951G-2HnD);
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) fastpath - fixed IP packet receive on bridge and bonding interfaces when destination MAC address match with slave port MAC;
*) health - fixed voltage monitor on BaseBox5 devices;
*) ike2 - added "MS-CHAP-Domain" attribute to RADIUS requests;
*) ike2 - fixed DH group negotiation with EAP;
*) ike2 - fixed EAP MSK length validation (introduced in v6.48);
*) ike2 - fixed initial traffic selector's protocol and port in transport mode;
*) ipv6 - improved system stability when parsing IPv6 options;
*) lora - added additional predefined network servers;
*) lora - added option to hide CRC error messages in monitor;
*) lora - improved downlink transmission;
*) ospf - fixed type-7 LSA translation to type-5;
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb3011 - improved system stability when changing RouterBOARD settings (introduced in v6.48);
*) snmp - fixed SNMP trap agent address;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved resource allocation on 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - fixed upgrade procedure on 16MB devices;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) user - fixed "skin" configuration for user groups (introduced in v6.48);
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - do not show newly created SMB shares as invalid;
*) webfig - fixed new interface addition;
*) webfig - show "Interfaces" menu by default after logging in;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - added "Channel" parameter under "System/Console" menu;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed duplicate "Trusted" setting under "Interface/Bridge/Ports" menu;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
Версия 6.48.1
2021-02-05
What's new in 6.48.1 (2021-Feb-03 10:54):
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.48.1
2021-02-05
What's new in 6.48.1 (2021-Feb-03 10:54):
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.48.1
2021-02-05
What's new in 6.48.1 (2021-Feb-03 10:54):
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - fixed packet duplication when multiple bonding interfaces are created for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed port-isolation on ether37-ether48 ports for CRS354 device;
*) crs3xx - improved load balancing on bonding interfaces for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved system stability when bonding and IGMP snooping is used (introduced in v6.48);
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) ike2 - fixed phase 2 rekeying with enabled PFS (introduced in v6.48);
*) ike2 - improved stability when invalid certificate is configured (introduced in v6.48);
*) ike2 - properly register packet time after expensive CPU operations;
*) interface - fixed pwr-line interface linking (introduced in v6.48);
*) ipsec - improved stability when processing IPv6 packets larger than interface MTU;
*) led - fixed default LED configuration for RB911-5HnD;
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality (introduced in v6.48);
*) switch - fixed interface toggling for devices with multiple QCA8337, Atheros8327 or RTL8367 switch chips (introduced in v6.48);
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
Версия 6.48
2020-12-23
What's new in 6.48 (2020-Dec-22 11:20):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48
2020-12-23
What's new in 6.48 (2020-Dec-22 11:20):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.48
2020-12-23
What's new in 6.48 (2020-Dec-22 11:20):
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
*) arm - added support for automatic CPU frequency stepping for IPQ4018/IPQ4019 devices;
*) arm - improved system stability;
*) arm - improved watchdog and kernel panic reporting in log after reboots on IPQ4018/IPQ4019 devices;
*) arm64 - improved reboot reason reporting in log;
*) bgp - fixed VPNV4 RD byte order;
*) bonding - added LACP monitoring;
*) branding - fixed LCD logo loading from new style branding package;
*) bridge - added "multicast-router" monitoring value for bridge interface;
*) bridge - added fixes and improvements for IGMP and MLD snooping;
*) bridge - added minor fixes and improvements for IGMP snooping with HW offloading;
*) bridge - added warning message when port is disabled by the BPDU guard;
*) bridge - allow to exclude interfaces from extended ports;
*) bridge - automatically remove extended interfaces when deleting PE device from CB;
*) bridge - correctly filter packets by L2MTU size;
*) bridge - correctly remove dynamic VLAN assignment for bridge ports;
*) bridge - fixed "multicast-router" setting on bridge enable;
*) bridge - fixed MDB entry removal when using bridge port "fast-leave" property;
*) bridge - fixed dynamic VLAN assignment when changing port "frame-type" property (introduced in v6.46);
*) bridge - fixed dynamic VLAN assignment when changing port to tagged VLAN member;
*) bridge - fixed link-local multicast forwarding when IGMP snooping and HW offloading is enabled;
*) bridge - fixed local MAC address removal from host table when deleting bridge interface;
*) bridge - fixed multicast table printing;
*) bridge - improved BPDU guard logging;
*) bridge - increased multicast table size to 4K entries;
*) bridge - show "H" flag for extended bridge ports;
*) bridge - show error when switch do not support controlling bridge or port extension;
*) bridge - use "frame-types=admit-all" by default for extended bridge ports;
*) cap - fixed L2MTU setting from CAPsMAN;
*) certificate - clear challenge password on renew;
*) certificate - fixed CRL URL length limit;
*) certificate - fixed private key verification for CA certificate during signing process;
*) certificate - generate CRL even when CRL URL not specified;
*) certificate - properly flush expired SCEP OTP entries;
*) chr - fixed SSH key import on Azure;
*) chr - fixed VLAN tagged packet transmit on bridge for Hyper-V installations;
*) chr - improved interface loading on startup on XEN;
*) chr - improved system stability when changing flow control settings on e1000;
*) cloud - improved backup generation process;
*) conntrack - automatically reduce connection tracking timeouts when table is full;
*) console - allow "once" parameter for bonding monitoring;
*) crs3xx - added initial Bridge Port Extender support;
*) crs3xx - added initial Controlling Bridge support for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - added switch-cpu port VLAN filtering (switch-cpu port is now mapped with bridge interface VLAN membership when vlan-filtering is enabled);
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - fixed "custom-drop-packet" and "not-learned" switch stats for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "mirror-source" property on switch port disable for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed "storm-rate" traffic limiting for switch-cpu port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed "switch-cpu" VLAN membership on bridge disable;
*) crs3xx - fixed CDP packet forwarding for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed duplicate host entries when creating static switch hosts;
*) crs3xx - fixed port isolation for "switch-cpu" port for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - fixed port isolation removal for "switch-cpu" port on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch "copy-to-cpu" property for CRS305, CRS318, CRS326-24G-2S+, CRS328 devices;
*) crs3xx - fixed switch "not-learned" stats for CRS305, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, CRS318 devices;
*) crs3xx - improved system stability on CRS354 devices;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) defconf - fixed static IP address setting in case default configuration loading fails;
*) defconf - improved CAP interface bridging;
*) defconf - improved default configuration generation on devices with non-default wireless interface names;
*) detnet - fixed malformed dummy DHCP User Class option;
*) detnet - use MAC address from bridge interface instead of slave port;
*) dhcp - fixed DHCP packet forwarding to IPsec policies;
*) dhcpv4-server - improved "client-id" value parsing;
*) dhcpv6 server - added support for "Delegated-IPv6-Prefix" for PPP services;
*) dhcpv6-server - added ability to generate binding on first request;
*) dhcpv6-server - added support for "option18" and "option37" for RADIUS managed clients;
*) dhcpv6-server - allow loose static binding "pool" parameter (introduced in v6.46.8);
*) dhcpv6-server - make sure that calling station ID always contains DUID;
*) discovery - added "lldp-med-net-policy-vlan" property for assigning VLAN ID;
*) discovery - allow choosing which discovery protocol is used;
*) discovery - fixed discovery on mesh ports;
*) discovery - fixed discovery packet sending on newly bridged port with "protocol-mode=none";
*) discovery - fixed discovery when enabled only on master port;
*) discovery - send the same "Chassis ID" on all interfaces for LLDP packets;
*) discovery - use interface MAC address when sending MNDP from slave port;
*) disk - fixed external EXT3 disk mounting on x86 systems;
*) dns - added IPv6 support for DoH;
*) dns - do not use type "A" for static entries with unspecified type;
*) dns - end ongoing queries when changing DoH configuration;
*) dns - fixed listening for DNS queries when only dynamic static entries exist (introduced in v6.47);
*) dot1x - accept priority tagged (VLAN 0) EAP packets on dot1x client;
*) dot1x - fixed reauthentication after server rejects a client into VLAN;
*) dot1x - fixed unicast destination EAP packet receiving when a client is running on a bridge port;
*) dude - fixed configuration menu presence on ARM64 devices;
*) export - fixed RouterBOARD USB "type" parameter export;
*) filesystem - fixed repartition on RB4011 series devices;
*) filesystem - fixed repartition on non-first partition;
*) filesystem - improved long-term filesystem stability and data integrity;
*) gps - fixed "init-channel" release when not used;
*) health - changed PSU state parameter type to read-only;
*) health - removed unused "heater-control" and "heater-threshold" parameters;
*) hotspot - added "vlan-id" parameter support for hosts and HTML pages;
*) hotspot - added support for captive portal advertising using DHCP (RFC7710);
*) hotspot - fixed "html-directory" parameter export;
*) hotspot - improved management service stability when receiving bogus packets;
*) ike1 - fixed "my-id=address" parameter usage together with certificate authentication;
*) ike1 - fixed 'rsa-signature-hybrid' authentication method;
*) ike1 - fixed memory leak on multiple CR payloads;
*) ike1 - fixed policy update with and without mode configuration;
*) ike1 - rekey phase 1 as responder for Windows initiators;
*) ike2 - added "prf-algorithm" support for phase 1;
*) ike2 - added support for IKEv2 Message Fragmentation (RFC7383);
*) ike2 - fixed EAP MSK length validation;
*) ike2 - fixed too small payload parsing;
*) ike2 - improved EAP message integrity checking;
*) ike2 - improved child SA rekeying process;
*) interface - added temperature warning and interface disable on overheat for SFP and SFP+ interfaces (CLI only);
*) interface - fixed pwr-line running state (introduced in v6.45);
*) ipsec - added SHA384 hash algorithm support for phase 1;
*) ipsec - do not kill connection when peer's "name" or "comment" is changed;
*) ipsec - fixed client certificate usage when certificate is renewed with SCEP;
*) ipsec - fixed multiple warning message display for peers;
*) ipsec - inactivate peer's policy on disconnect;
*) ipsec - refresh peer's DNS only when phase 1 is down;
*) kidcontrol - allow creating static device entries without assigned user;
*) led - fixed state persistence after device reboot on NetMetal 5 ac devices;
*) lora - fixed device going into "ERROR" state caused by FSK modulated downlinks;
*) lora - limited output power in RU region for range 868.7 MHz - 869.2 MHz according to regulations;
*) lte - added "age" column and "max-age" parameter to "cell-monitor" (CLI only);
*) lte - added "comment" parameter for APN profiles;
*) lte - added support for Alcatel IK41VE1;
*) lte - fixed "band" value reporting;
*) lte - increased "at+cops" reply timeout to 90 seconds;
*) m33g - added support for "/system gpio" menu (CLI only);
*) metarouter - allow creating RouterOS metarouter instances on devices with 16MB flash storage;
*) metarouter - fixed memory leak when tearing down metarouter instance;
*) ppp - added "bridge-learning" parameter support;
*) ppp - added "ipv6-routes" parameter to "secrets" menu;
*) ppp - added support for "Framed-IPv6-Route" RADIUS attribute;
*) ppp - store "last-caller-id" for PPP secrets;
*) ppp - store "last-disconnect-reason" for PPP secrets;
*) profile - added "lcd" process classificator;
*) profile - improved idle process detection on x86 processors;
*) profile - improved process classification on ARM devices;
*) quickset - added "Port Mapping" to QuickSet;
*) quickset - fixed local IP address setting on master interface;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed PCIe bus reset during power-on on MMIPS devices ("/system routerboard upgrade" required);
*) routerboard - force power-down on PCIe bus during reboot on LHGR devices ("/system routerboard upgrade" required);
*) script - added error message in the logs if startup script runtime limit was exceeded;
*) snmp - added information from IPsec "active-peers" menu to MIKROTIK-MIB;
*) snmp - added new LTE monitoring OID's to MIKROTIK-MIB;
*) snmp - fixed value types for "dot1dStp";
*) snmp - fixed value types for "dot1qPvid";
*) ssh - fixed returned output saving to file when "output-to-file" parameter is used;
*) ssh - skip interactive authentication when not running in interactive mode;
*) supout - added bonding interface monitor information;
*) supout - improved autosupout.rif file generation process;
*) timezone - updated timezone information from "tzdata2020d" release;
*) tr069-client - added "X_MIKROTIK_MimoRSRP" parameter for LTE RSRP value reporting;
*) tr069-client - added LTE model and revision parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added branding package build time parameter;
*) tr069-client - added wireless "noise-floor" and "overall-tx-ccq" information parameters;
*) tr069-client - allow passing LTE firmware update URL as XML;
*) tr069-client - fixed RouterOS downgrade procedure;
*) tr069-client - fixed TotalBytesReceived parameter value;
*) tr069-client - send correct "ConnectionRequestURL" when using IPv6;
*) traffic-flow - added "sys-init-time" parameter support;
*) traffic-flow - added NAT event logging support for IPFIX;
*) traffic-generator - fixed 32Gbps limitation;
*) user-manager - do not allow creating limitation that crosses midnight;
*) user-manager - updated PayPal's root certificate authorities;
*) webfig - allow hiding QuickSet mode selector;
*) webfig - allow hiding and renaming inline buttons;
*) webfig - fixed default value presence when creating new entries under "IP/Kid Control";
*) webfig - properly stop background processes when switching away from QuickSet tab;
*) winbox - added "src-mac-address" parameter under "IP/DHCP-Server/Leases" menu;
*) winbox - added missing IGMP Snooping settings to "Bridge" menu;
*) winbox - added missing MSTP settings to "Bridge" menu;
*) winbox - added support for LTE Cell Monitor;
*) winbox - allow adding bonding interface with one slave interface;
*) winbox - allow performing "USB Power Reset" on "0" bus on RBM33G;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - fixed "IP->Kid Control->Devices" table automatic refreshing;
*) winbox - fixed "interface" and "on-interface" parameter presence under "Bridge/Hosts" menu;
*) winbox - fixed "receive-errors" setting persistence under "Wireless/Wireless Sniffer/Settings" menu;
*) winbox - fixed "tls-version" parameter setting under "IP/Services" menu;
*) winbox - fixed minor typo in "Users" menu;
*) winbox - provide sane default values for bridge "VLAN IDs" parameter;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - added U-NII-2 support for US and Canada country profiles for mANTBox series devices;
*) wireless - create "connect-list" rule when address specified for "setup-repeater";
*) wireless - do not override MTU and ARP values from CAPsMAN with local forwarding;
*) wireless - improved WPS process stability;
*) wireless - increased "group-key-update" maximum value to 1 day;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "no_country_set" regulatory domain information;
Версия 6.47.8
2020-11-26
What's new in 6.47.8 (2020-Nov-25 10:10):
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
Версия 6.47.8
2020-11-26
What's new in 6.47.8 (2020-Nov-25 10:10):
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
Версия 6.47.8
2020-11-26
What's new in 6.47.8 (2020-Nov-25 10:10):
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
*) arm - improved system stability;
*) bgp - treat route target with AS 65535 as two byte AS;
*) branding - fixed imported skin presence;
*) bridge - fixed BPDU guard port disable/enable on HW offloaded interfaces;
*) disk - improved disk management service stability when receiving bogus packets;
*) dns - improved stability with large table of static records;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) metarouter - fixed directory entry reporting;
*) profile - fixed process classification on x86 systems (introduced in v6.47);
*) quickset - fixed wireless client "uptime" counter in "Home Mesh" mode;
*) sstp - fixed "idle-timeout" on TILE and CHR devices;
*) system - replace "3" in superscript to "^3" on RBD53GR devices;
*) upgrade - do not try installing packages if download was not completed;
*) winbox - added "operator" parameter under "Interface/LTE" menu;
*) winbox - added "reformat-hold-button-max" parameter under "System/RouterBOARD/Settings" menu;
*) winbox - added "tls-mode" parameter under "CAPsMAN/Security Cfg." menu;
*) winbox - added "tx-rx-1024-max" counter under "Interface/Overall-Stats" for CRS3xx devices;
*) winbox - do not allow MAC address changes on LTE interfaces;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "usb-bus" option on all boards that have it;
*) winbox - show "usb-type" option on all boards that have it;
*) winbox - sort IPv6 firewall "chain" parameter entries alphabetically;
*) wireless - added support for U-NII-2 US and Canada country profiles for mANTBox series devices;
Версия 6.47.7
2020-10-29
What's new in 6.47.7 (2020-Oct-27 13:27):
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.47.7
2020-10-29
What's new in 6.47.7 (2020-Oct-27 13:27):
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.47.7
2020-10-29
What's new in 6.47.7 (2020-Oct-27 13:27):
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - improved default configuration generation on devices without wireless package installed;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.47.6
2020-10-22
What's new in 6.47.6 (2020-Oct-21 10:41):
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
Версия 6.47.6
2020-10-22
What's new in 6.47.6 (2020-Oct-21 10:41):
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
Версия 6.47.6
2020-10-22
What's new in 6.47.6 (2020-Oct-21 10:41):
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) cap - fixed L2MTU path discovery;
*) crs3xx - fixed hardware offloaded LACP bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.47.3);
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) dhcpv4-client - fixed DHCP offer packet parsing with overload option present;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - improved SSL handshake processing;
*) ike1 - allow using "my-id" parameter with XAuth;
*) leds - fixed LED type setting;
*) lora - expose "joinEui" un "devEui" values in the log;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - improved EARFCN reporting in 3G and LTE modes on Sierra modems;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
Версия 6.47.5
2020-10-22
What's new in 6.47.5 (2020-Oct-08 06:48):
(factory only release)
(factory only release)
Версия 6.47.5
2020-10-22
What's new in 6.47.5 (2020-Oct-08 06:48):
(factory only release)
(factory only release)
Версия 6.47.5
2020-10-22
What's new in 6.47.5 (2020-Oct-08 06:48):
(factory only release)
(factory only release)
Версия 6.47.4
2020-09-21
What's new in 6.47.4 (2020-Sep-16 11:32):
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.47.4
2020-09-21
What's new in 6.47.4 (2020-Sep-16 11:32):
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.47.4
2020-09-21
What's new in 6.47.4 (2020-Sep-16 11:32):
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) bridge - fixed STP alternate and backup port states for devices with switch chip (introduced in v6.47);
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) fetch - fixed "src-address" usage for SFTP;
*) filesystem - improved long-term filesystem stability and data integrity;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) smb - fixed possible memory leak (CVE-2020-11881);
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) user-manager - updated PayPal's root certificate authorities;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
Версия 6.47.3
2020-09-03
What's new in 6.47.3 (2020-Sep-01 05:24):
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
Версия 6.47.3
2020-09-03
What's new in 6.47.3 (2020-Sep-01 05:24):
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
Версия 6.47.3
2020-09-03
What's new in 6.47.3 (2020-Sep-01 05:24):
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) bridge - fixed host table update on SNMP query;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) dns - fixed multiple TXT string replies;
*) dns - hide default static entry "type" from export;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) ike2 - fixed local side NAT detection;
*) lte - fixed multiple passthrough APN default route installation;
*) lte - fixed RSCP value reporting;
*) lte - validate interface existence on initiation;
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) poe - fixed "power-cycle" functionality on RB960GSP;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) webfig - fixed negative value usage in "spoof-gps" parameter (introduced in v6.47.1);
*) wireless - allow setting "tx-power" up to 40;
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
Версия 6.47.2
2020-08-19
What's new in 6.47.2 (2020-Aug-13 06:39):
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Версия 6.47.2
2020-08-19
What's new in 6.47.2 (2020-Aug-13 06:39):
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Версия 6.47.2
2020-08-19
What's new in 6.47.2 (2020-Aug-13 06:39):
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed QSFP+ interface linking after reboot for CRS326-24S+2Q+ (introduced in v6.47);
*) discovery - use "static" interface list by default instead of "!dynamic";
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) interface - added new builtin "static" interface list;
*) l2tp - fixed multiple tunnel establishment from the same remote IP address (introduced in v6.47);
*) lora - fixed "spoof-gps" parameter padding (introduced in v6.47.1);
*) lte - fixed dynamic DHCP client creation when editing APN profile;
*) ospf - fixed case when changing one distribution metric changed metrics for other distribution options;
*) ppp - fixed PPP interface editing for the first time after reboot or after 20 seconds;
*) qsfp - fixed break-out cable linking after reboot (introduced in v6.47);
*) routerboot - fixed memory test on CCR2004-1G-12S+2XS ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) sftp - fixed "flash" directory access (introduced in v6.46);
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak;
*) smb - fixed SMB server (introduced in v6.47);
*) smb - limit active session count to 5 per connection;
*) snmp - fixed "current" value reporting on CCR series devices;
*) snmp - fixed "fan-speed" value reporting on CCR series devices;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - updated "indonesia5" regulatory domain information;
*) www - improved WWW service stability when receiving bogus packets;
Версия 6.47.1
2020-07-10
What's new in 6.47.1 (2020-Jul-08 12:34):
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.47.1
2020-07-10
What's new in 6.47.1 (2020-Jul-08 12:34):
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.47.1
2020-07-10
What's new in 6.47.1 (2020-Jul-08 12:34):
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) crs3xx - fixed HW offloading for netPower 15FR and netPower 16P devices (introduced in v6.47);
*) crs3xx - fixed increased CPU temperature for CRS354-48G-4S+2Q+ device (introduced in v6.47);
*) crs3xx - improved Ethernet port group traffic forwarding for CRS354 devices;
*) defconf - fixed default configuration generation on devices without "wireless" package installed;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dns - do not allow setting "forward-to" same as "name" or "regex";
*) dns - do not allow setting zero value IP addresses for "A" and "AAAA" records;
*) dns - do not use DoH for local queries when a server is specified;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) filesystem - fixed increased "sector writes" reporting (introduced in v6.47);
*) ftp - fixed possible buffer overflow;
*) ike2 - fixed initiator child SA init without policy;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ipsec - do not update peer endpoints for generated policy entries (introduced in v6.47);
*) lora - added "spoof-gps" parameter for fake GPS coordinate sending;
*) lora - fixed JSON statistics inaccuracies;
*) lte - added support for MTS 8810FT;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - improved route tag processing for OSPFv3;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) profile - fixed "unclassified" load reporting on PowerPC devices (introduced in v6.47);
*) qsfp - fixed auto-negotiation status;
*) qsfp - ignore FEC mode when set to fec91, only fec74 mode is supported (introduced in v6.47);
*) routerboard - fixed "mode-button" support on SMIPS devices (introduced in v6.47);
*) routerboard - fixed "reset-button" menu presence on all devices;
*) supout - added "LoRa" section to supout file;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) winbox - fixed flag displaying under "IP/DNS/Static" table;
*) winbox - fixed minor typo in "BGP/Peer" menu;
*) winbox - hide irrelevant switch port parameters;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
Версия 6.47
2020-06-02
What's new in 6.47 (2020-Jun-02 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.47
2020-06-02
What's new in 6.47 (2020-Jun-02 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.47
2020-06-02
What's new in 6.47 (2020-Jun-02 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4 and v6.47beta30+ RouterOS type devices.
- Make sure LTE APN Profile name does not match any of the DHCP server's names if LTE passthrough is used.
MAJOR CHANGES IN v6.47:
----------------------
!) dns - added client side support for DNS over HTTPS (DoH) (RFC8484);
!) socks - added support for SOCKS5 (RFC 1928);
!) user - enable "winbox" policy for groups with "dude" policy automatically on upgrade;
----------------------
Changes in this release:
*) api - added ECDHE cipher support for "api-ssl" service;
*) bonding - improved slave interface MAC address handling;
*) bonding - prefer primary slave MAC address for bonding interface;
*) branding - do not ask to confirm configuration applied from branding package;
*) branding - fixed identity setting from branding package;
*) branding - improved branding package installation process when another branding package is already installed;
*) bridge - added logging debug message when a host MAC address is learned on a different bridge port;
*) bridge - added warning message when a bridge port gets dynamically added to VLAN range;
*) bridge - correctly remove disabled MSTI;
*) bridge - improved hardware offloading enabling/disabling;
*) certificate - added "skid" and "akid" values for detailed print;
*) certificate - allow dynamic CRL removal;
*) certificate - disabled CRL usage by default;
*) certificate - do not use SSL for first CRL update;
*) chr - added support for file system quiescing;
*) chr - added support for hardware watchdog on ESXI;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) crs3xx - correctly remove switch rules on CRS317-1G-16S+ and CRS309-1G-8S+ devices;
*) crs3xx - fixed "ingress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - fixed hardware offloaded bonding on Ethernet interfaces for CRS354 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved switch host table updating;
*) crs3xx - show correct switch model for netPower 15FR device;
*) defconf - fixed default configuration initialization if power loss occurred during the process;
*) dhcpv4 - added end option (255) validation for both server and client;
*) dhcpv4-client - improved stability when changing client while still receiving advertisements;
*) dhcpv4-server - disallow zero lease-time setting;
*) dhcpv6-client - improved error logging when when renewed address differs;
*) dhcpv6-server - do not require "server" parameter for bindings;
*) dhcpv6-server - fixed MAC address retrieving from DUID when timestamp is present;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) disk - improved disk management service stability when receiving bogus packets;
*) disk - improved recently created file survival after reboots;
*) dns - added support for exclusive dynamic DNS server usage from IPsec;
*) dns - added support for forwarding DNS queries of static entries to specific server;
*) dns - added support for multiple type static entries;
*) dot1x - added "radius-mac-format" parameter;
*) dot1x - added hex value support for RADIUS switch rules;
*) dot1x - added range "dst-port" support for RADIUS switch rules;
*) dot1x - added support for lower case "mac-auth" RADIUS formats;
*) dot1x - fixed "reject-vlan-id" value range;
*) dot1x - fixed dynamically created switch rule removal when client disconnects;
*) dot1x - fixed port blocking when interface changes state from disabled to enabled;
*) dot1x - improved Dot1X service stability when receiving bogus packets;
*) dot1x - improved debug logging output to "dot1x" topic;
*) dot1x - improved value validation for dynamically created switch rules;
*) email - added support for multiple "to" recipients;
*) ethernet - fixed interface stopping responding after blink command execution on CCR2004-1G-12S+2XS;
*) fetch - fixed "User-Agent" usage if provided by "http-header-field";
*) graphing - improved graphing service stability when receiving bogus packets;
*) health - added "gauges" submenu with SNMP OID reporting;
*) health - improved stability for system health monitor on CCR2004-1G-12S+2XS;
*) hotspot - updated splash page design ('/ip hotspot reset-html' required);
*) ike1 - added error message when specifying "my-id" for XAuth identity;
*) ike1 - added support for "UNITY_DEF_DOMAIN" and "UNITY_SPLITDNS_NAME" payload attributes;
*) ike1 - do not try to keep phase 2 when purging phase 1;
*) ike1 - improved policy lookup with specific protocol;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - added support for "INTERNAL_DNS_DOMAIN" payload attribute;
*) ike2 - added support for RADIUS Disconnect-Request message handling;
*) ike2 - added support for RFC8598;
*) ike2 - allow initiator address change before authentication;
*) ike2 - fixed authentication handling when initiator disconnects before RADIUS response;
*) interface - improved system stability when receiving bogus packets;
*) interface - increased loopback interface MTU to 65536;
*) ipsec - added "split-dns" parameter support for mode configuration;
*) ipsec - added "use-responder-dns" parameter support;
*) ipsec - allow specifying two peers for a single policy for failover;
*) ipsec - control CRL validation with global "use-crl" setting;
*) ipsec - do full certificate validation for identities with explicit certificate;
*) ipsec - fixed minor spelling mistake in logs;
*) ipsec - improved IPsec service stability when receiving bogus packets;
*) ipsec - place dynamically created IPsec policies by L2TP client at the begining of the table;
*) kidcontrol - ignore IPv6 multicast MAC addresses;
*) l2tp - added "src-address" parameter for L2TP client;
*) l2tp - added "use-peer-dns" parameter for L2TP client;
*) l2tp - improved dynamically created IPsec configuration updating;
*) l2tp - use L2TP interface when adding dynamic IPsec peer;
*) lcd - fixed LCD service becoming unavailable on devices without LCD screen;
*) lcd - improved general system stability when LCD is not present;
*) led - fixed minor typo in LED warning message;
*) log - added logging entry when changing user's password;
*) log - added tunnel endpoint address to establishment and disconnect logging entries;
*) log - made startup script failures log as critical errors;
*) lte - added support for Huawei K5161 modem;
*) lte - added support for NEOWAY N720;
*) lte - added support for multiple passthrough APN configuration;
*) lte - do not allow running "scan" on R11e-4G;
*) lte - fixed "allow-roaming" setting when using LTE network mode on R11e-LTE;
*) lte - fixed "band" parameter persistence after disable/enable;
*) lte - fixed "ecno" and "rscp" value reporting on R11e-LTE6;
*) lte - fixed VLAN interface passthrough support;
*) lte - fixed multiple APN reactivation after deactivation by operator;
*) lte - improved stability during firmware upgrade;
*) lte - made "mac-address" parameter read-only;
*) lte - show "phy-cellid" value only in LTE mode;
*) netinstall - removed "Flashfig" from Netinstall;
*) netinstall - removed "Make Floppy" from Netinstall;
*) netinstall - signed netinstall.exe with Digital Signature;
*) netwatch - improved Netwatch service stability when invalid configuration values are passed;
*) ovpn - added "use-peer-dns" parameter for OVPN client;
*) port - removed serial console port on hEX S;
*) ppp - added "Acct-Session-Id" attribute to "Access-Request" messages;
*) ppp - added support for ZTE MF90;
*) ppp - fixed minor typo when running "info" command;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) pptp - added "use-peer-dns" parameter for PPTP client;
*) profile - added support for CCR2004-1G-12S+2XS;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) qsfp - added support for FEC mode (fec74), with the FEC mode disabled by default;
*) quickset - do not show "SINR" field in Quick Set when there is no data;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - removed "EARFCN" field from Quick Set;
*) quickset - removed "LTE band" setting from Quick Set;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) quickset - use "station-wds" mode when connecting to AP with RouterOS flag;
*) route - improved system stability after reboot with large amount of VLAN interfaces with PPPoE servers attached;
*) routerboard - added "hold-time" parameter to mode-button menu;
*) routerboard - added "reset-button" menu - custom command execution with reset button;
*) routing - improved IGMP-Proxy service stability when receiving bogus packets;
*) routing - improved routing service stability when receiving bogus packets;
*) sfp28 - added support for FEC modes (fec74 and fec91), with fec91 mode already enabled by default;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) snmp - changed "upsEstimatedMinutesRemaining" reported value from seconds to minutes;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - improved OID policy checking and error reporting on "set" command;
*) snmp - improved stability when polling MAC address related OID;
*) ssh - improved SSH service stability when receiving bogus packets;
*) supout - added "dot1x" section to supout files;
*) supout - improved UPS information reporting;
*) switch - correctly display switch statistics when all switch ports are disabled on RTL8367 switch chip;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - made "auto" the default value for "vlan-id" parameter when creating a new static host entry;
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved driver loading speed on startup;
*) tr069-client - added LTE firmware update functionality support;
*) tr069-client - added additional LTE information parameters;
*) tr069-client - added additional wireless registration table parameters;
*) tr069-client - added interface type parameter support;
*) tr069-client - added multiple simultaneous session support for diagnostics test;
*) tr069-client - added total connection tracking entries parameter;
*) tr069-client - removed warning log message when not using HTTPS;
*) traffic-flow - added "postDestinationMacAddress" parameter support for IPFIX and NetFlow v9;
*) upgrade - fixed space handling in package file names;
*) ups - added battery info for APC SmartUPS 2200;
*) ups - improved compatibility with APC Smart UPS 1000 and 1500;
*) user - improved user management service stability when receiving bogus packets;
*) w60g - fixed link status logging;
*) w60g - improved rate selection in low traffic conditions;
*) w60g - use "arp" and "mtu" parameters from master interface when creating a new station;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) webfig - fixed WinBox download link;
*) webfig - fixed skin usage from branding package;
*) webfig - updated icon design;
*) winbox - added "Rate" parameter for switch ACL rules;
*) winbox - added "auth-info" parameter under "Dot1X->Active" menu;
*) winbox - added "auth-types", "comment", "mac-auth-mode" and "reject-vlan-id" parameters for Dot1X server;
*) winbox - added "auto-erase" option to "Tool/SMS" menu;
*) winbox - added "bus" parameter for "USB Power Reset" command on NetMetal ac^2;
*) winbox - added "bus" parameter for "USB Power Reset" command on RBM33G;
*) winbox - added "comment" parameter and "dynamic" flag support under "Switch->Rule" table;
*) winbox - added "comment" parameter for Dot1X client;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - added "skip-dfs-channels" parameter to wireless interface menu;
*) winbox - added comment support for "Switch->VLAN" menu;
*) winbox - added enable and disable buttons for "MPLS->MPLS Interface" table;
*) winbox - added support for inline bar graphs for LTE signal values;
*) winbox - aligned all "IP->Traffic Flow->IPFIX" check boxes in single line (WinBox v3.22 required);
*) winbox - allow setting "Primary" parameter for "balance-tlb" bonding interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "BGP Origin" value display under "IPv6->Routes" menu;
*) winbox - fixed "Data Rate" checkbox alignment (WinBox v3.22 required);
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed WDS usage when connecting to RouterOS access point using QuickSet;
*) winbox - fixed bonding type interface support for "Switch->Host" table;
*) winbox - fixed dates and times in interface link up/down properties (WinBox v3.24 required);
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - limit number of simultaneous WinBox sessions to 5 for users without "write" permission;
*) winbox - made "yes" the default value for "Inject Summary LSAs" parameter when creating a new NSSA or STUB area;
*) winbox - removed duplicate "join-eui", "dev-eui", "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "Hardware Offload" parameter for bonding interfaces;
*) winbox - updated icon design;
*) wireless - added "russia 6ghz" regulatory domain information;
*) wireless - enabled unicast flood for DHCP traffic on ARM architecture access points;
*) wireless - fixed Nstreme wireless protocol performance decrease;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "russia4" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.46.6
2020-05-14
What's new in 6.46.6 (2020-Apr-27 10:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.46.6
2020-05-14
What's new in 6.46.6 (2020-Apr-27 10:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.46.6
2020-05-14
What's new in 6.46.6 (2020-Apr-27 10:32):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes in this release:
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) defconf - fixed default IP address assigning on non-paired 60 GHz devices;
*) lora - added "altitude", "latitude" and "longitude" to stat json if GPS is available;
*) lte - fixed "band" value setting when configuration is reset on R11e-4G;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed multiple LTE interface OID reporting;
*) ssh - fixed SHA256 user authentication algorithm checking (introduced in v6.46.4);
*) winbox - fixed memory leak (introduced in v6.46.4);
*) winbox - increased limit of multi-entry fields to 100;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.46.5
2020-04-08
What's new in 6.46.5 (2020-Apr-07 08:28):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Версия 6.46.5
2020-04-08
What's new in 6.46.5 (2020-Apr-07 08:28):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Версия 6.46.5
2020-04-08
What's new in 6.46.5 (2020-Apr-07 08:28):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
MAJOR CHANGES IN v6.46.5:
----------------------
!) user - enable "winbox" policy for groups with "dude" policy;
----------------------
Changes in this release:
*) capsman - fixed "certificate" parameter updating on CAP;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed traffic forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) dude - fixed connection to other RouterOS type devices through The Dude agents (introduced in v6.46.4);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lora - added IPv6 support for LoRa packet forwarder;
*) lora - added UTC timestamp for RX events in "rxpk" json;
*) lora - added value limits for "freq-off" parameter;
*) lora - properly update source address for packets when routing table is changed;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) sniffer - fixed minor typo in "host" menu;
*) supout - added "gps" section to supout files;
*) supout - improved PoE-out information reporting;
*) system - improved kernel panic reporting in logs after reboot;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) traceroute - improved stability when invalid packet is received;
*) traffic-generator - improved statistics reporting;
*) w60g - improved stability after multiple disconnections;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - allow setting "20/40/80/160Mhz-eeeeeeCe" channel under "Channel Width" parameter;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - properly show "Hw. Offload Group" value for each interface under "Bridge->Ports" menu;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "U-NII-2" support for hAP ac2 and RBwAPGR series devices;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - fixed default "antenna-gain" setting on SXT 2 and LtAP series devices;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
Версия 6.46.4
2020-02-27
What's new in 6.46.4 (2020-Feb-21 11:26):
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Версия 6.46.4
2020-02-27
What's new in 6.46.4 (2020-Feb-21 11:26):
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Версия 6.46.4
2020-02-27
What's new in 6.46.4 (2020-Feb-21 11:26):
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Important note!!!
- The Dude server must be updated to monitor 6.46.4 and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- To get RouterOS data from the devices, The Dude now requires RouterOS to be 6.46.4 or v6.47beta30+.
Changes in this release:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) branding - allow forcing configuration script as default configuration (new branding packet required);
*) branding - fixed "company-url" and "router-default-name" survival after system upgrade;
*) branding - fixed WEB HTML page survival after system upgrade;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - fixed graceful shutdown execution on Hyper-V (introduced in v6.46);
*) console - fixed script with "dont-require-permissions=yes" execution without sufficient permissions;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) dude - updated The Dude to use new style authentication method;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) ike2 - fixed DHCP Inform package handling when received on PPPoE interface;
*) lte - added interface name prefix for logging events;
*) lte - added "phy-cellid" value support for R11e-LTE-US;
*) lte - do not allow using empty APN Profile names;
*) lte - improved all APN session activation after disconnect on R11e-LTE;
*) lte - use APN from network when blank APN used on R11e-4G;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) telnet - improved telnet compatibility with other client implementations;
*) user-manager - fixed signup enabling (introduced in v6.46);
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - completely removed old style authentication method;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) wireless - improved compatibility for "ETSI" wireless country profile;
Версия 6.46.3
2020-02-06
What's new in 6.46.3 (2020-Jan-28 10:46):
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
Версия 6.46.3
2020-02-06
What's new in 6.46.3 (2020-Jan-28 10:46):
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
Версия 6.46.3
2020-02-06
What's new in 6.46.3 (2020-Jan-28 10:46):
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) lora - added "ru-864-mid" channel plan;
*) lora - improved immediate packet delivery;
*) lte - added GPS port support for Quectel EP06 modem;
*) lte - added "psc" (Primary Scrambling Code) parameter for "cell-monitor" function on R11e-LTE6 and R11e-LTE;
*) lte - do not show invalid "phy-cellid" when it is not yet received on "R11e-LTE";
*) lte - do not show unrelated info parameters after network mode failover;
*) port - fixed multiple identical USB serial device detection (introduced in v6.46);
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) snmp - fixed "ifOperStatus" reporting for combo ports;
*) winbox - removed duplicate "counter", "chain", "size" and "payload" parameters under "LoRa/Traffic";
Версия 6.46.2
2020-01-16
What's new in 6.46.2 (2020-Jan-14 07:17):
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
Версия 6.46.2
2020-01-16
What's new in 6.46.2 (2020-Jan-14 07:17):
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
Версия 6.46.2
2020-01-16
What's new in 6.46.2 (2020-Jan-14 07:17):
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - prevent "flash" directory from being removed (introduced in v6.46);
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) defconf - fixed "caps-mode" not initialized properly after resetting;
*) defconf - fixed default configuration loading on RBwAPG-60adkit (introduced in v6.46);
*) lora - fixed packet sending when using "antenna-gain" higher than 5dB;
*) lte - fixed "cell-monitor" on R11e-LTE in 3G mode;
*) lte - fixed "earfcn" reporting on R11e-LTE6 in UMTS and GSM modes;
*) lte - report only valid info parameters on R11e-LTE6;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) system - fixed "check-installation" on PowerPC devices (introduced in v6.46);
*) traffic-generator - improved memory handling on CHR;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - fixed "skins" saving to "flash" directory if it exists (introduced in v6.46);
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - fixed "Default Route Distance" default value when creating new LTE APN;
*) winbox - removed duplicate "join-eui" and "dev-eui" parameters under "Lora/Traffic";
Версия 6.46.1
2019-12-17
What's new in 6.46.1 (2019-Dec-13 12:44):
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.46.1
2019-12-17
What's new in 6.46.1 (2019-Dec-13 12:44):
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.46.1
2019-12-17
What's new in 6.46.1 (2019-Dec-13 12:44):
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) capsman - fixed CAP upgrading (introduced in v6.46);
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) defconf - fixed default configuration loading after fresh install (introduced in v6.46);
*) dhcpv6-server - use lease time from RADIUS;
*) dude - fixed image and font file accessing (introduced in v6.46);
*) gps - only adjust system time after GPS signal is established;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) log - fixed "disk-file-name" parameter validation (introduced in v6.46);
*) lora - added support for MIPSBE, PPC, TILE and x86 architectures;
*) lora - improved confirmed downlink forwarding;
*) lte - do not reset modem when setting the same SIM slot on LtAP;
*) lte - show SIM error when no card is present;
*) ppp - fixed session establishment with high amount of tunnels (introduced in v6.46);
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not show "sfp-wavelength" for cables that do not support it;
*) snmp - fixed health related OID polling (introduced in v6.46);
*) supout - fixed autosupout.rif file generation (introduced in v6.46);
*) system - fixed "*.auto.rsc" file execution (introduced in v6.46);
*) user-manager - fixed "db-path" parameter validation (introduced in v6.46);
*) webfig - fixed skin folder presence (introduced in v6.46);
*) winbox - fixed "allowed-number" parameter setting invalid value in "Tool/SMS" menu;
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "russia4" regulatory domain information;
*) wireless - improved compatibility by adding default installation mode and gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
Версия 6.46
2019-12-03
What's new in 6.46 (2019-Dec-02 11:16):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46
2019-12-03
What's new in 6.46 (2019-Dec-02 11:16):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.46
2019-12-03
What's new in 6.46 (2019-Dec-02 11:16):
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.46:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) backup - fixed automatic backup file generation when configuration reset by button;
*) backup - store automatically created backup file in "flash" directory;
*) bonding - correctly remove HW offloaded bonding with ARP monitoring;
*) bonding - properly handle MAC addresses when bonding WLAN interfaces;
*) bridge - disable/enable bridge port when setting bpdu-guard;
*) bridge - do not add bridge as untagged VLAN member when frame-types=admit-only-vlan-tagged;
*) bridge - do not add dynamically VLAN entry when changing "pvid" property for non-vlan aware bridge;
*) bridge - include whole VLAN-id in DHCP Option 82 message;
*) btest - removed duplicate "duration" parameter;
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - fixed channel auto reselection;
*) capsman - fixed MAC address detection for "common-name" parameter in certificate requests;
*) capsman - improved DFS channel switching when radar detected;
*) capsman - improved radar detection algorithm;
*) ccr - improved general system stability;
*) certificate - added progress bar when creating certificate request;
*) certificate - added support for certificate request signing with EC keys;
*) certificate - allow specifying "file-name" parameter for export (CLI only);
*) certificate - allow specifying "name" parameter for import (CLI only);
*) certificate - improved CRL updating process;
*) certificate - removed "key-size" parameter for "create-certificate-request" command;
*) chr - added support for Azure guest agent;
*) console - added bitwise operator support for "ip6" data type;
*) console - fixed "address" column width when printing DHCPv4 leases;
*) console - fixed IP conversion to "num" data type;
*) console - fixed "tobool" conversion;
*) console - properly detect IPv6 address as "ip6" data type;
*) crs1xx/2xx - allow to set trunk port as mirroring target;
*) crs3xx - correctly handle L2MTU change;
*) crs3xx - do not send pause frames when ethernet "tx-flow-control" is disabled on CRS326/CRS328/CRS305 devices;
*) crs3xx - improved interface initialization;
*) crs3xx - improved switch-chip resource allocation on CRS317-1G-16S+, CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - improved system stability on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) crs3xx - remove previously set mirror-source property before changing it;
*) defconf - fixed default configuration loading on RBmAPL-2nD (introduced in v6.45);
*) defconf - require "policy" permission to print default configuration;
*) dhcpv4-client - allow empty "dhcp-options" parameter when adding new client;
*) dhcpv4-client - fixed "dhcp-options" parameter setting when adding new client;
*) dhcpv4-server - improved stability when RADIUS Interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) dhcpv6-server - include "User-Name" parameter in accounting requests;
*) dhcpv6-server - made "calling-station-id" contain MAC address if DUID contains it;
*) dot1x - added "reject-vlan-id" server parameter (CLI only);
*) dot1x - added support for dynamic switch rules from RADIUS;
*) dot1x - added support for "mac-auth" authentication type (CLI only);
*) ethernet - automatically detect interface when using IP address for power-cycle-ping;
*) ethernet - do not enable interface after reboot that is already disabled;
*) ethernet - send requests only from ethernet interface when using MAC address for power-cycle-ping;
*) export - always export "ssid" value for w60g interfaces;
*) fetch - do not allocate extra 500KiB on SMIPS;
*) fetch - improved stability when processing large output data;
*) gps - use "serial1" as default port on RBLtAP-2HnD;
*) hotspot - fixed non-local NAT redirection to port TCP/64873;
*) hotspot - fixed RADIUS CoA "address-list" update;
*) ike1 - fixed minor spelling mistake in logs;
*) ike2 - improved CHILD SA rekey process with Apple iOS 13;
*) ike2 - improved stability when retransmitting first packet as responder;
*) ipsec - added "error" topic for identity check failure logging messages;
*) ipsec - fixed DNS resolving when domain has only AAAA entries;
*) ipsec - fixed policy "sa-src-address" detection from "local-address" (introduced in v6.45);
*) ipv6 - changed "advertise-dns" default value to "yes";
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) log - increased log message length limit to 1024 characters;
*) lte - added support for D402 modem;
*) lte - added support for LM960A18;
*) lte - added support for Telit LM960 and LE910C1 modems;
*) lte - do not allow setting 3G and GSM modes on LTE only modems;
*) lte - fixed band setting on R11e-4G;
*) lte - fixed network registration on R11e-LTE-US;
*) lte - fixed Sierra WP7601 driver loading;
*) lte - fix "operator" names not being displayed properly;
*) lte - improved modem initialization;
*) lte - show "primary-band" only for LTE modems;
*) lte - use /128 prefix for IPv6 address on LTE interface;
*) lte - use interface from RA when "ipv6-interface=none" and IPv6 enabled;
*) ppp - added 3GPP IoT "access-technology" definitions;
*) ppp - added support for Sierra WP7601;
*) ppp - disable DTR send when using at-chat;
*) quickset - added "LTE AP Dual" mode support;
*) quickset - added "LTE APN" dropdown support;
*) quickset - fixed "LTE Band" checkbox display;
*) route - fixed area range summary route installation in VRF;
*) routerboard - fixed default CPU frequency on RB750r2 ("/system routerboard upgrade" required);
*) routerboard - fixed USB configuration export on RBLtAP-2HnD;
*) routerboard - hide "memory-frequency" parameter for RBLtAP-2HnD;
*) sniffer - allow filtering by packet size;
*) snmp - added "disabled" and "comment" parameters for communities;
*) snmp - added option to monitor "link-downs" parameter using MIKROTIK-MIB;
*) snmp - fixed "dot1dBasePort" index offset for BRIDGE-MIB;
*) snmp - fixed "ifLastChange" OID reporting for IF-MIB;
*) snmp - fixed "radio-name" (mtxrWlRtabRadioName) OID support;
*) snmp - improved interface status reporting for IfOperStatus OID;
*) snmp - improved LLDP interface returned index and type;
*) snmp - return only interfaces with MAC addresses for LLDP;
*) snmp - use "src-address" also for traps;
*) ssh - fixed output printing when "command" parameter used;
*) supout - include information from all LTE interfaces;
*) supout - removed "file" option from "/system sup-output" command;
*) switch - added "comment" property for switch vlan menu (CLI only);
*) switch - correctly update dynamic switch rule when dhcp-snooping is enabled;
*) switch - ignore "default-vlan-id" property after switch reset on RTL8367 switch chip;
*) switch - show "external" flag for bridge hosts on MT7621, RTL8367 switch chips;
*) timezone - updated time zone database to version 2019c;
*) tr069-client - added CellDiagnostics parameter support;
*) tr069-client - added LTE band and cellular technology selection parameters;
*) tr069-client - added LTE RSCP, ECNO and ICCID parameter support;
*) tr069-client - added multiple LTE monitoring parameters;
*) tr069-client - reconnect to ACS when "ConnectionRequestURL" is updated;
*) upgrade - improved auto package updating using "check-for-updates";
*) ups - improved compatibility with APC UPS's;
*) usb - general USB modem stability improvements;
*) userman - updated Authorize.Net to use SHA512 hashing;
*) w60g - added "region" setting to limit allowed frequencies (CLI only);
*) w60g - do not reset link when changing comment on station;
*) w60g - fixed "monitor" command on disabled interfaces;
*) w60g - move stations to new bridge when "put-in-bridge" parameter is changed;
*) webfig - fixed link to Winbox download;
*) winbox - added "ip-address" and stats columns in "IP/Kid-Control/Devices" menu;
*) winbox - added "public-address-ipv6" parameter to "IP/Cloud" menu;
*) winbox - added "reset-counters" button to "IP/Kid Control/Devices" menu;
*) winbox - added "tx-info-field" parameter to "Wireless/W60G" menu;
*) winbox - added "Vendor Classes" tab in "IP/DHCP Server" menu;
*) winbox - added wireless alignment LED types to "System/LEDs" menu;
*) winbox - fixed allowed range for bridge filter "new-priority" parameter;
*) winbox - fixed "CAPs Scanner" stopping;
*) winbox - fixed "cluster-id" parameter setting in "Routing/BGP/Instances" menu;
*) winbox - fixed file locking when uploading multiple files at once;
*) winbox - fixed firewall limit parameter support for rates more than 4G;
*) winbox - fixed invalid flag presence in "IP/SMB/Shares" menu;
*) winbox - fixed "Routing" menu icon presence when there is no routing package installed;
*) winbox - improved stability when transfering multiple files between multiple windows;
*) winbox - properly show timestamp in file "Creation Time" field;
*) winbox - removed "Set CA Passphrase" button from "Certificate" menu;
*) winbox - renamed "Queue Limit" to "Queue Size" for "pcq-upload-default" and "pcq-download-default" parameters;
*) winbox - replaced "kb" with "KiB" in "Tools/Packet Sniffer" menu;
*) winbox - show "Switch" menu on RBwAPGR-5HacD2HnD;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added 4 chain MCS support for 802.11n wireless protocol (CLI only);
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added "push-button-5s" value for "wps-mode" parameter;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed 802.11n rate selection when managed by CAPsMAN;
*) wireless - fixed RX chain selection;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
*) wireless - updated "ukraine" regulatory domain information;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.45.7
2019-10-28
What's new in 6.45.7 (2019-Oct-24 08:44):
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.45.7
2019-10-28
What's new in 6.45.7 (2019-Oct-24 08:44):
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.45.7
2019-10-28
What's new in 6.45.7 (2019-Oct-24 08:44):
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.45.7:
----------------------
!) lora - added support for LoRaWAN low-power wide-area network technology for MIPSBE, MMIPS and ARM;
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) conntrack - properly start manually enabled connection tracking;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) ike2 - fixed phase 1 rekeying (introduced in v6.45);
*) led - fixed default LED configuration for RBLHG5nD;
*) lte - fixed modem not receiving IP configuration when roaming (introduced in v6.45);
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) snmp - improved reliability on SNMP service packet validation;
*) system - improved system stability for devices with AR9342 SoC;
*) winbox - show SFP tab for QSFP interfaces;
*) wireless - added "canada2" regulatory domain information;
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.45.6
2019-09-11
What's new in 6.45.6 (2019-Sep-10 09:06):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Версия 6.45.6
2019-09-11
What's new in 6.45.6 (2019-Sep-10 09:06):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Версия 6.45.6
2019-09-11
What's new in 6.45.6 (2019-Sep-10 09:06):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) capsman - fixed regulatory domain information checking when doing background scan;
*) conntrack - improved system stability when using h323 helper (introduced in v6.45);
*) crs3xx - fixed "egress-rate" property on CRS309-1G-8S+, CRS312-4C+8XG, CRS326-24S+2Q+ devices;
*) qsfp - clear SFP monitoring data on port enable;
*) qsfp - correctly display SFP monitoring data;
*) qsfp - fixed EEPROM checksum validation;
*) qsfp - show more QSFP module diagnostics;
*) wireless - include last frequency when manually setting frequency step in "scan-list";
Версия 6.45.5
2019-08-28
What's new in 6.45.5 (2019-Aug-26 10:56):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Версия 6.45.5
2019-08-28
What's new in 6.45.5 (2019-Aug-26 10:56):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Версия 6.45.5
2019-08-28
What's new in 6.45.5 (2019-Aug-26 10:56):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) dhcpv4-server - fixed "Acct-Output-Octets" reporting to RADIUS;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - don't release policy on rekey when child not found;
*) ike2 - fixed ID validation with multiple SAN;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) ike2 - improved rekeying process with Windows initiators;
*) ike2 - properly start all initiators to the same remote address;
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed "eap-radius" authentication method (introduced in v6.45);
*) ipsec - fixed minor spelling mistakes in logs;
*) lte - fixed cell information monitoring on R11e-LTE-US (introduced in v6.45.2);
*) lte - fixed LTE interface disappearing on RBSXTLTE3-7;
*) smb - improved stability on x86 and CHR (CVE-2019-16160);
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) ssh - fixed carriage return presence in subsequent sessions;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
Версия 6.45.4
2019-08-28
What's new in 6.45.4 (2019-Aug-13 09:04):
(factory only release)
(factory only release)
Версия 6.45.4
2019-08-28
What's new in 6.45.4 (2019-Aug-13 09:04):
(factory only release)
(factory only release)
Версия 6.45.4
2019-08-28
What's new in 6.45.4 (2019-Aug-13 09:04):
(factory only release)
(factory only release)
Версия 6.45.3
2019-08-01
What's new in 6.45.3 (2019-Jul-29 12:11):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Версия 6.45.3
2019-08-01
What's new in 6.45.3 (2019-Jul-29 12:11):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Версия 6.45.3
2019-08-01
What's new in 6.45.3 (2019-Jul-29 12:11):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) certificate - renew certificates via SCEP when 3/4 of lifetime reached;
*) crs317 - fixed multicast packet receiving (introduced in v6.45);
*) hotspot - fixed default profile values not being used (introduced in v6.45);
*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
*) supout - fixed SIM slot printing (introduced in v6.45);
*) wireless - improved U-APSD (WMM Power Save) support for 802.11e;
Версия 6.45.2
2019-07-19
What's new in 6.45.2 (2019-Jul-17 10:04):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Версия 6.45.2
2019-07-19
What's new in 6.45.2 (2019-Jul-17 10:04):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Версия 6.45.2
2019-07-19
What's new in 6.45.2 (2019-Jul-17 10:04):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
*) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45);
*) cloud - properly stop "time-zone-autodetect" after disable;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - added "connection-mark" parameter for mode-config initiator;
*) ipsec - allow peer argument only for "encrypt" policies (introduced in v6.45);
*) ipsec - fixed peer configuration migration from versions older than v6.43 (introduced in v6.45);
*) ipsec - improved stability for peer initialization (introduced in v6.45);
*) ipsec - show warning for policies with "unknown" peer;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) profile - added "internet-detect" process classificator;
*) radius - fixed "User-Password" encoding (introduced in v6.45);
*) ssh - do not enable "none-crypto" if "strong-crypto" is enabled on upgrade (introduced in v6.45);
*) ssh - fixed executed command output printing (introduced in v6.45);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) upgrade - fixed "auto-upgrade" to use new style authentication (introduced in v6.45);
*) vlan - fixed "slave" flag for non-running interfaces (introduced in v6.45);
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
Версия 6.45.1
2019-07-01
What's new in 6.45.1 (2019-Jun-27 10:23):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45.1
2019-07-01
What's new in 6.45.1 (2019-Jun-27 10:23):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45.1
2019-07-01
What's new in 6.45.1 (2019-Jun-27 10:23):
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Important note!!!
Due to removal of compatibility with old version passwords in this version, downgrading to any version prior to v6.43 (v6.42.12 and older) will clear all user passwords and allow password-less authentication. Please secure your router after downgrading.
Old API authentication method will also no longer work, see documentation for new login procedure:
https://wiki.mikrotik.com/wiki/Manual:API#Initial_login
MAJOR CHANGES IN v6.45.1:
----------------------
!) dot1x - added support for IEEE 802.1X Port-Based Network Access Control;
!) ike2 - added support for EAP authentication methods (eap-tls, eap-ttls, eap-peap, eap-mschapv2) as initiator;
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
!) user - removed insecure password storage;
----------------------
Changes in this release:
*) bridge - correctly display bridge FastPath status when vlan-filtering or dhcp-snooping is used;
*) bridge - correctly handle bridge host table;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - improved stability when receiving traffic over USB modem with bridge firewall enabled;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) ccr - improved packet processing after overloading interface;
*) certificate - added "key-type" field;
*) certificate - added support for ECDSA certificates (prime256v1, secp384r1, secp521r1);
*) certificate - fixed self signed CA certificate handling by SCEP client;
*) certificate - made RAM the default CRL storage location;
*) certificate - removed DSA (D) flag;
*) certificate - removed "set-ca-passphrase" parameter;
*) chr - legacy adapters require "disable-running-check=yes" to be set;
*) cloud - added "replace" parameter for backup "upload-file" command;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) conntrack - significant stability and performance improvements;
*) crs317 - fixed known multicast flooding to the CPU;
*) crs3xx - added ethernet tx-drop counter;
*) crs3xx - correctly display auto-negotiation information for SFP/SFP+ interfaces in 1Gbps rate;
*) crs3xx - fixed auto negotiation when 2-pair twisted cable is used (downshift feature);
*) crs3xx - fixed "tx-drop" counter;
*) crs3xx - improved switch-chip resource allocation on CRS326, CRS328, CRS305;
*) defconf - added "custom-script" field that prints custom configuration installed by Netinstall;
*) defconf - automatically set "installation" parameter for outdoor devices;
*) defconf - changed default configuration type to AP for cAP series devices;
*) defconf - fixed channel width selection for RU locked devices;
*) dhcp - create dual stack queue based on limitations specified on DHCPv4 server lease configuration;
*) dhcp - do not require lease and binding to have the same configuration for dual-stack queues;
*) dhcp - show warning in log if lease and binding dual-stack related parameters do not match and create separate queues;
*) dhcpv4-server - added "client-mac-limit" parameter;
*) dhcpv4-server - added IP conflict logging;
*) dhcpv4-server - added RADIUS accounting support with queue based statistics;
*) dhcpv4-server - added "vendor-class-id" matcher (CLI only);
*) dhcpv4-server - improved stability when performing "check-status" command;
*) dhcpv4-server - replaced "busy" lease status with "conflict" and "declined";
*) dhcpv6-client - added option to disable rapid-commit;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "address-list" support for bindings;
*) dhcpv6-server - added "insert-queue-before" and "parent-queue" parameters;
*) dhcpv6-server - added RADIUS accounting support with queue based statistics;
*) dhcpv6-server - added "route-distance" parameter;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - correctly create neighbors from VLAN tagged discovery messages;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) discovery - improved neighbour's MAC address detection;
*) discovery - limit max neighbour count per interface based on total RAM memory;
*) discovery - show neighbors on actual mesh ports;
*) e-mail - include "message-id" identification field in e-mail header;
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) ethernet - added support for 25Gbps and 40Gbps rates;
*) ethernet - fixed running (R) flag not present on x86 interfaces and CHR legacy adapters;
*) ethernet - increased loop warning threshold to 5 packets per second;
*) fetch - added SFTP support;
*) fetch - improved user policy lookup;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - fixed missing minus close to zero coordinates in dd format;
*) gps - make sure "direction" parameter is upper case;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) gps - use "serial0" as default port on LtAP mini;
*) hotspot - added "interface-mac" variable to HTML pages;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ike1 - adjusted debug packet logging topics;
*) ike2 - added support for ECDSA certificate authentication (rfc4754);
*) ike2 - added support for IKE SA rekeying for initiator;
*) ike2 - do not send "User-Name" attribute to RADIUS server if not provided;
*) ike2 - improved certificate verification when multiple CA certificates received from responder;
*) ike2 - improved child SA rekeying process;
*) ike2 - improved XAuth identity conversion on upgrade;
*) ike2 - prefer SAN instead of DN from certificate for ID payload;
*) ippool - improved logging for IPv6 Pool when prefix is already in use;
*) ipsec - added dynamic comment field for "active-peers" menu inherited from identity;
*) ipsec - added "ph2-total" counter to "active-peers" menu;
*) ipsec - added support for RADIUS accounting for "eap-radius" and "pre-shared-key-xauth" authentication methods;
*) ipsec - added traffic statistics to "active-peers" menu;
*) ipsec - disallow setting "src-address" and "dst-address" for transport mode policies;
*) ipsec - do not allow adding identity to a dynamic peer;
*) ipsec - fixed policies becoming invalid after changing priority;
*) ipsec - general improvements in policy handling;
*) ipsec - properly drop already established tunnel when address change detected;
*) ipsec - renamed "remote-peers" to "active-peers";
*) ipsec - renamed "rsa-signature" authentication method to "digital-signature";
*) ipsec - replaced policy SA address parameters with peer setting;
*) ipsec - use tunnel name for dynamic IPsec peer name;
*) ipv6 - improved system stability when receiving bogus packets;
*) ltap - renamed SIM slots "up" and "down" to "2" and "3";
*) lte - added initial support for Vodafone R216-Z;
*) lte - added passthrough interface subnet selection;
*) lte - added support for manual operator selection;
*) lte - allow setting empty APN;
*) lte - allow to specify URL for firmware upgrade "firmware-file" parameter;
*) lte - do not show error message for info commands that are not supported;
*) lte - fixed session reactivation on R11e-LTE in UMTS mode;
*) lte - improved firmware upgrade process;
*) lte - improved "info" command query;
*) lte - improved R11e-4G modem operation;
*) lte - renamed firmware upgrade "path" command to "firmware-file" (CLI only);
*) lte - show alphanumeric value for operator info;
*) lte - show correct firmware revision after firmware upgrade;
*) lte - use default APN name "internet" when not provided;
*) lte - use secondary DNS for DNS server configuration;
*) m33g - added support for additional Serial Console port on GPIO headers;
*) ospf - added support for link scope opaque LSAs (Type 9) for OSPFv2;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) ppp - added initial support for Quectel BG96;
*) proxy - increased minimal free RAM that can not be used for proxy services;
*) rb3011 - improved system stability when receiving bogus packets;
*) rb4011 - fixed MAC address duplication between sfp-sfpplus1 and wlan1 interfaces (wlan1 configuration reset required);
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) routerboard - renamed 'sim' menu to 'modem';
*) sfp - fixed S-35LC20D transceiver DDMI readouts after reboot;
*) sms - added USSD message functionality under "/tool sms" (CLI only);
*) sms - allow specifying multiple "allowed-number" values;
*) sms - improved delivery report logging;
*) snmp - added "dot1dStpPortTable" OID;
*) snmp - added OID for neighbor "interface";
*) snmp - added "write-access" column to community print;
*) snmp - allow setting interface "adminStatus";
*) snmp - fixed "send-trap" not working when "trap-generators" does not contain "temp-exception";
*) snmp - fixed "send-trap" with multiple "trap-targets";
*) snmp - improved reliability on SNMP service packet validation;
*) snmp - properly return multicast and broadcast packet counters for IF-MIB OIDs;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - added new "ssh-exec" command for non-interactive command execution;
*) ssh - fixed non-interactive multiple command execution;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) ssh - improved session rekeying process on exchanged data size threshold;
*) ssh - keep host keys when resetting configuration with "keep-users=yes";
*) ssh - use correct user when "output-to-file" parameter is used;
*) sstp - improved stability when received traffic hits tarpit firewall;
*) supout - added IPv6 ND section to supout file;
*) supout - added "kid-control devices" section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) switch - properly reapply settings after switch chip reset;
*) tftp - added "max-block-size" parameter under TFTP "settings" menu (CLI only);
*) tile - improved link fault detection on SFP+ ports;
*) tr069-client - added LTE CQI and IMSI parameter support;
*) tr069-client - fixed potential memory corruption;
*) tr069-client - improved error reporting with incorrect firware upgrade XML file;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-generator - improved stability when stopping traffic generator;
*) tunnel - removed "local-address" requirement when "ipsec-secret" is used;
*) userman - added support for "Delegated-IPv6-Pool" and "DNS-Server-IPv6-Address" (CLI only);
*) w60g - do not show unused "dmg" parameter;
*) w60g - prefer AP with strongest signal when multiple APs with same SSID present;
*) w60g - show running frequency under "monitor" command;
*) winbox - added "System/SwOS" menu for all dual-boot devices;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - fixed frequency duplication in the frequency selection menu;
*) wireless - fixed incorrect IP header for RADIUS accounting packet;
*) wireless - improved 160MHz channel width stability on rb4011;
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - set default SSID and supplicant-identity the same as router's identity;
*) wireless - updated "china" regulatory domain information;
*) wireless - updated "new zealand" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.45
2019-07-01
What's new in 6.45 (2019-Jun-21 09:00):
(factory only release)
(factory only release)
Версия 6.45
2019-07-01
What's new in 6.45 (2019-Jun-21 09:00):
(factory only release)
(factory only release)
Версия 6.45
2019-07-01
What's new in 6.45 (2019-Jun-21 09:00):
(factory only release)
(factory only release)
Версия 6.44.4
2019-07-01
What's new in 6.44.4 (2019-May-09 12:14):
(factory only release)
(factory only release)
Версия 6.44.4
2019-07-01
What's new in 6.44.4 (2019-May-09 12:14):
(factory only release)
(factory only release)
Версия 6.44.4
2019-07-01
What's new in 6.44.4 (2019-May-09 12:14):
(factory only release)
(factory only release)
Версия 6.44.3
2019-04-24
What's new in 6.44.3 (2019-Apr-23 12:37):
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
Версия 6.44.3
2019-04-24
What's new in 6.44.3 (2019-Apr-23 12:37):
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
Версия 6.44.3
2019-04-24
What's new in 6.44.3 (2019-Apr-23 12:37):
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
*) certificate - fixed SAN being duplicated on status change (introduced in v6.44);
*) conntrack - fixed "loose-tcp-tracking" parameter not taken in action (introduced in v6.44);
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipsec - fixed freshly created identity not taken in action (introduced in v6.44);
*) ipsec - fixed possible configuration corruption after import (introduced in v6.44);
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - added "both", "local" and "remote" options for "forwarding-enabled" parameter;
*) ssh - do not generate host key on configuration export;
*) ssh - fixed multiline non-interactive command execution;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) userman - updated authorize.net gateway DNS name;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries;
Версия 6.44.2
2019-04-04
What's new in 6.44.2 (2019-Apr-01 12:47):
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.44.2
2019-04-04
What's new in 6.44.2 (2019-Apr-01 12:47):
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.44.2
2019-04-04
What's new in 6.44.2 (2019-Apr-01 12:47):
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.44.2:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.44.1
2019-03-14
What's new in 6.44.1 (2019-Mar-13 08:38):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Версия 6.44.1
2019-03-14
What's new in 6.44.1 (2019-Mar-13 08:38):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Версия 6.44.1
2019-03-14
What's new in 6.44.1 (2019-Mar-13 08:38):
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Changes in this release:
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - use MAC address for RADIUS user when "allow-dual-stack-queue=yes";
*) e-mail - fixed missing "from" address for sent e-mails (introduced in v6.44);
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - allow identities with empty XAuth login and password if RADIUS is enabled (introduced in v6.44);
*) ipsec - fixed dynamic L2TP peer and identity configuration missing after reboot (introduced in v6.44);
*) ipsec - use "remote-id=ignore" for dynamic L2TP configuration (introduced in v6.44);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) lte - do not show "session-uptime" if session is not up;
*) lte - fixed LTE interface band setting on RBSXTLTE3-7 (introduced in v6.44);
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
Версия 6.44
2019-02-26
What's new in 6.44 (2019-Feb-25 14:11):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44
2019-02-26
What's new in 6.44 (2019-Feb-25 14:11):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.44
2019-02-26
What's new in 6.44 (2019-Feb-25 14:11):
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
MAJOR CHANGES IN v6.44:
----------------------
!) cloud - added command "/system backup cloud" for backup storing on cloud (CLI only);
!) ipsec - added new "identity" menu with common peer distinguishers;
!) ipsec - removed "main-l2tp" exchange-mode, it is the same as "main" exchange-mode;
!) ipsec - removed "users" menu, XAuth user configuration is now handled by "identity" menu;
!) radius - initial implementation of RadSec (RADIUS communication over TLS);
!) speedtest - added "/tool speed-test" for ping latency, jitter, loss and TCP and UDP download, upload speed measurements (CLI only);
----------------------
Changes in this release:
*) bgp - properly update keepalive time after peer restart;
*) bridge - added option to monitor fast-forward status;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - disable fast-forward when using SlowPath features;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed DHCP Option 82 parsing when using DHCP Snooping;
*) bridge - fixed log message when hardware offloading is being enabled;
*) bridge - fixed packet forwarding when changing MSTI VLAN mappings;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using MSTP;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - improved packet processing when bridge port changes states;
*) btest - added multithreading support for both UDP and TCP tests;
*) btest - added warning message when CPU load exceeds 90% (CLI only);
*) capsman - always accept connections from loopback address;
*) certificate - added support for multiple "Subject Alt. Names";
*) certificate - enabled RC2 cipher to allow P12 certificate decryption;
*) certificate - fixed certificate signing by SCEP client if multiple CA certificates are provided;
*) certificate - show digest algorithm used in signature;
*) chr - assign interface names based on underlying PCI device order on KVM;
*) chr - distribute NIC queue IRQ's evenly across all CPUs;
*) chr - fixed IRQ balancing when using more than 32 CPUs;
*) chr - improved system stability when insufficient resources are allocated to the guest;
*) cloud - added "ddns-update-interval" parameter;
*) cloud - do not reuse old UDP socket if routing changes are detected;
*) cloud - ignore "force-update" command if DDNS is disabled;
*) cloud - improved DDNS service disabling;
*) cloud - made address updating faster when new public address detected;
*) conntrack - added new "loose-tcp-tracking" parameter (equivalent to "nf_conntrack_tcp_loose" in netfilter);
*) console - renamed IP protocol 41 to "ipv6-encap";
*) console - updated copyright notice;
*) crs317 - fixed packet forwarding when LACP is used with hw=no;
*) crs3xx - fixed packet forwarding through SFP+ ports when using 100Mbps link speed;
*) crs3xx - improved fan control stability;
*) defconf - fixed configuration not generating properly on upgrade;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) defconf - fixed IPv6 link-local address range in firewall rules;
*) dhcp - added "allow-dual-stack-queue" setting for IPv4/IPv6 DHCP servers to control dynamic lease/binding behaviour;
*) dhcp - properly load DHCP configuration if options are configured;
*) dhcpv4-server - added "parent-queue" parameter (CLI only);
*) dhcpv4-server - added "User-Name" attribute to RADIUS accounting messages;
*) dhcpv4-server - fixed service becoming unresponsive after interface leaves and enters the same bridge;
*) dhcpv4-server - use ARP for conflict detection;
*) dhcpv6-client - use default route distance also for unreachable route added by DHCPv6 client;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) dhcpv6-server - improved DHCPv6 server stability when using "print" command;
*) dhcpv6-server - show "client-address" parameter for bindings;
*) discovery - detect proper slave interface on bounded interfaces;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - send master port in "interface-name" parameter;
*) discovery - show neighbors on actual bridge port instead of bridge itself for LLDP;
*) e-mail - added info log message when e-mail is sent successfully;
*) e-mail - added support for multiple transactions on single connection;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed IPv4 and IPv6 packet forwarding on IPQ4018 devices;
*) ethernet - fixed linking issues on wAP ac, RB750Gr2 and Metal 52 ac (introduced in v6.43rc52);
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) ethernet - improved per core ethernet traffic classificator on mmips devices;
*) export - fixed "silent-boot" compact export;
*) fetch - added "http-header-field" parameter;
*) fetch - added option to specify multiple headers under "http-header-field", including content type;
*) fetch - fixed "without-paging" option;
*) fetch - improved file downloading to slow memory;
*) fetch - improved stability when using HTTP mode;
*) fetch - removed "http-content-type" parameter;
*) gps - increase precision for dd format;
*) gps - moved "coordinate-format" from "monitor" command to "set" parameter;
*) health - improved fan control stability on CRS328-24P-4S+RM;
*) hotspot - added "https-redirect" under server profiles;
*) hotspot - added per-user NAT rule generation based on "incoming-filter" and "outgoing-filter" parameters;
*) ike1 - do not allow using RSA-key and RSA-signature authentication methods simultaneously on single peer;
*) ike1 - fixed memory leak;
*) ike2 - added option to specify certificate chain;
*) ike2 - added peer identity validation for RSA auth (disabled after upgrade);
*) ike2 - allow to match responder peer by "my-id=fqdn" field;
*) ike2 - fixed local address lookup when initiating new connection;
*) ike2 - improved subsequent phase 2 initialization when no childs exist;
*) ike2 - properly handle certificates with empty "Subject";
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) ike2 - send split networks over DHCP (option 249) to Windows initiators if DHCP Inform is received;
*) ike2 - show weak pre-shared-key warning;
*) interface - added "pwr-line" interface support (more information will follow in next newsletter);
*) ipsec - added account log message when user is successfully authenticated;
*) ipsec - added basic pre-shared-key strength checks;
*) ipsec - added new "remote-id" peer matcher;
*) ipsec - allow to specify single address instead of IP pool under "mode-config";
*) ipsec - fixed active connection killing when changing peer configuration;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipsec - hide empty prefixes on "peer" menu;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - made dynamic "src-nat" rule more specific;
*) ipsec - made peers autosort themselves based on reachability status;
*) ipsec - moved "profile" menu outside "peer" menu;
*) ipsec - properly detect AES-NI extension as hardware AEAD;
*) ipsec - removed limitation that allowed only single "auth-method" with the same "exchange-mode" as responder;
*) ipsec - require write policy for key generation;
*) kidcontrol - added IPv6 support;
*) kidcontrol - added "reset-counters" command for "device" menu (CLI only);
*) kidcontrol - added statistics web interface for kids (http://router.lan/kid-control);
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - dynamically discover devices from DNS activity;
*) kidcontrol - fixed validation checks for time intervals;
*) kidcontrol - properly detect time zone changes;
*) kidcontrol - use "/128" prefix-length for IPv6 addresses;
*) l2tp - fixed IPsec secret not being updated when "ipsec-secret" is changed under L2TP client configuration;
*) lcd - made "pin" parameter sensitive;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) led - fixed default LED configuration for wAP 60G AP devices;
*) led - fixed PWR-LINE AP Ethernet LED polarity ("/system routerboard upgrade" required);
*) lldp - fixed missing capabilities fields on some devices;
*) log - accumulate multiple e-mail messages before sending;
*) lte - added additional ID support for Novatel USB730L modem;
*) lte - added "cell-monitor" command for R11e-LTE international modem (CLI only);
*) lte - added "ecno" field for "info" command;
*) lte - added "firmware-upgrade" command for R11e-LTE international modems (CLI only);
*) lte - added initial support for multiple APN for R11e-4G (new modem firmware required);
*) lte - added initial support for Telit LN940;
*) lte - added multiple APN support for R11e-4G;
*) lte - added option to lock the LTE operator;
*) lte - added support for JioFi JMR1040 modem;
*) lte - fixed connection issue when LTE modem was de-registered from network for more than 1 minute;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed DHCP relay packet forwarding when in passthrough mode;
*) lte - fixed IPv6 activation for R11e-LTE-US modems;
*) lte - fixed Jaton/SQN modems preventing router from booting properly;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed missing running (R) flag for Jaton LTE modems;
*) lte - fixed passthrough DHCP address forward when other address is acquired from operator;
*) lte - fixed reported "rsrq" precision (introduced in v6.43.8);
*) lte - improved compatibility for Alt38xx modems;
*) lte - improved SIM7600 initialization after reset;
*) lte - improved SimCom 7100e support;
*) lte - query "cfun" on initialization;
*) lte - require write policy for at-chat;
*) lte - update firmware version information after R11e-LTE/R11e-4G firmware upgrade;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) port - improved "remote-serial" TCP performance in RAW mode;
*) ppp - added "at-chat" command;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) profiler - classify kernel crypto processing as "encrypting";
*) profile - removed obsolete "file-name" parameter;
*) proxy - removed port list size limit;
*) radius - implemented Proxy-State attribute handling in CoA and disconnect requests;
*) rb3011 - implemented multiple engine IPsec hardware acceleration support;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behavior;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) rbm33g - improved stability when used with some USB devices;
*) romon - improved reliability when processing RoMON packets on CHR;
*) routerboard - removed "RB" prefix from PWR-LINE AP devices;
*) routerboard - require at least 10 second interval between "reformat-hold-button" and "max-reformat-hold-button";
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) sniffer - save packet capture in "802.11" type when sniffing on w60g interface in "sniff" mode;
*) snmp - added "dot1qPortVlanTable" and "dot1dBasePortTable" OIDs;
*) snmp - changed fan speed value type to Gauge32;
*) snmp - fixed "rsrq" reported precision;
*) snmp - fixed w60g station table;
*) snmp - removed "rx-sector" ("Wl60gRxSector") value;
*) snmp - report bridge ifSpeed as "0";
*) snmp - report ifSpeed 0 for sub-layer interfaces;
*) ssh - added "allow-none-crypto" parameter to disable "none" encryption usage (CLI only);
*) ssh - added error log message when key exchange fails;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) ssh - fixed public key format compatibility with RFC4716;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) switch - added comment field to switch ACL rules;
*) switch - fixed ACL rules on IPQ4018 devices;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) system - removed obsolete "/driver" command;
*) tr069-client - added "check-certificate" parameter to allow communication without certificates;
*) tr069-client - added "connection-request-port" parameter (CLI only);
*) tr069-client - added support for InformParameter object;
*) tr069-client - fixed certificate verification for certificates with IP address;
*) tr069-client - fixed HTTP cookie getting duplicated with the same key;
*) tr069-client - increased reported "rsrq" precision;
*) traceroute - improved stability when sending large ping amounts;
*) traffic-flow - reduced minimal value of "active-flow-timeout" parameter to 1s;
*) tunnel - properly clear dynamic IPsec configuration when removing/disabling EoIP with DNS as "remote-address";
*) upgrade - made security package depend on DHCP package;
*) usb - improved power-reset error message when no bus specified on CCR1072-8G-1S+;
*) usb - improved USB device powering on startup for hAP ac^2 devices;
*) usb - increased default power-reset timeout to 5 seconds;
*) userman - added first and last name fields for signup form;
*) userman - show redirect location in error messages;
*) user - require "write" permissions for LTE firmware update;
*) vrrp - made "password" parameter sensitive;
*) w60g - added "10s-average-rssi" parameter to align mode (CLI only);
*) w60g - added align mode "/interface w60g align" (CLI only);
*) w60g - fixed scan in bridge mode;
*) w60g - improved PtMP performance;
*) w60g - improved reconnection detection;
*) w60g - improved "tx-packet-error-rate" reading;
*) w60g - renamed disconnection message when license level did not allow more connected clients;
*) w60g - renamed "frequency-list" to "scan-list";
*) watchdog - allow specifying DNS name for "send-smtp-server" parameter;
*) webfig - improved file handling;
*) winbox - added 4th chain selection for "HT TX chains" and "HT RX chains" under "CAPsMAN/CAP Interface/Wireless" tab;
*) winbox - added "allow-dual-stack-queue" parameter in "IP/DHCP Server" and "IPv6/DHCP Server" menus;
*) winbox - added "challenge-password" field when signing certificate with SCEP;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "radio-name" setting to "CAPsMAN/CAP Interface/General" tab;
*) winbox - added "secondary-channel" setting to "CAPsMAN/CAP Interface/Channel" tab;
*) winbox - added src/dst address and in/out interface list columns to default firewall menu view;
*) winbox - added support for dynamic devices in "IP/Kid Control/Devices" tab;
*) winbox - allow setting "network-mode" to "auto" under LTE interface settings;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed L2MTU parameter setting on "W60G" type interfaces;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - fixed missing w60g interface status values;
*) winbox - improved file handling;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - organized wireless parameters between simple and advanced modes;
*) winbox - renamed "Default AP Tx Rate" to "Default AP Tx Limit";
*) winbox - renamed "Default Client Tx Rate" to "Default Client Tx Limit";
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) wireless - improved NV2 performance for all ARM devices;
*) wireless - improved signal strength at low TX power on LHG 5 ac, LHG 5 ac XL and LDF 5 ac ("/system routerboard upgrade" required);
*) wireless - improved system stability for all ARM devices with wireless;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved system stability when scanning for other networks;
*) wireless - removed G/N support for 2484MHz in "japan" regulatory domain;
*) wireless - report last seen IP address in RADIUS accounting messages;
*) wireless - show "installation" parameter when printing configuration;
Версия 6.43.9
2019-02-05
What's new in 6.43.9 (2019-Jan-10 07:11):
(factory only release)
(factory only release)
Версия 6.43.9
2019-02-05
What's new in 6.43.9 (2019-Jan-10 07:11):
(factory only release)
(factory only release)
Версия 6.43.9
2019-02-05
What's new in 6.43.9 (2019-Jan-10 07:11):
(factory only release)
(factory only release)
Версия 6.43.8
2018-12-21
What's new in 6.43.8 (2018-Dec-21 07:10):
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.43.8
2018-12-21
What's new in 6.43.8 (2018-Dec-21 07:10):
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.43.8
2018-12-21
What's new in 6.43.8 (2018-Dec-21 07:10):
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.43.8:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
Changes in this release:
*) bridge - fixed IPv6 link-local address generation when auto-mac=yes;
*) capsman - fixed "group-key-update" parameter not using correct units;
*) crs3xx - improved data transmission between 10G and 1G ports;
*) console - properly remove system note after configuration reset;
*) dhcpv4-server - fixed dynamic lease reuse after expiration;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) ethernet - fixed VLAN1 forwarding on RB1100AHx4 and RB4011 devices;
*) gps - added "coordinate-format" parameter;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) led - fixed PWR-LINE AP ethernet led polarity ("/system routerboard upgrade" required);
*) lte - disallow setting LTE interface as passthrough target;
*) lte - fixed DHCP IP acquire (introduced in v6.43.7);
*) lte - fixed passthrough functionality when interface is removed;
*) lte - increased reported "rsrq" precision;
*) lte - reset USB when non-default slot is used;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - added "allow-roaming" parameter in "Interface/LTE" menu;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.43.7
2018-12-03
What's new in 6.43.7 (2018-Nov-30 09:01):
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
Версия 6.43.7
2018-12-03
What's new in 6.43.7 (2018-Nov-30 09:01):
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
Версия 6.43.7
2018-12-03
What's new in 6.43.7 (2018-Nov-30 09:01):
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
MAJOR CHANGES IN v6.43.7:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
Changes in this release:
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed "expires-after" parameter calculation;
*) certificate - fixed time zone adjustment for SCEP requests;
*) certificate - properly flush old CRLs when changing store location;
*) chr - fixed possible memory allocation failure when using multiple CPUs or interfaces on Xen installations;
*) crs328 - fixed SFP ports not reporting auto-negotiation status;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - fixed default configuration loading on RB4011iGS+5HacQ2HnD-IN;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) discovery - properly use System ID for "software-id" value on CHR;
*) export - fixed "silent-boot" compact export;
*) health - fixed bad voltage readings on RB493G;
*) interface - improved system stability when including/excluding a list to itself;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly handle peer profiles on downgrade;
*) ipsec - properly update warnings under peer menu;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) ospf - improved stability while handling type-5 LSAs;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - speed up first time login process after upgrade from version older than v6.43;
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - fixed neighbor discovery for IPv6 neighbors;
*) winbox - show "System/Health" only on boards that have health monitoring;
Версия 6.43.6
2018-12-03
What's new in 6.43.6 (2018-Nov-07 10:40):
(factory only release)
(factory only release)
Версия 6.43.6
2018-12-03
What's new in 6.43.6 (2018-Nov-07 10:40):
(factory only release)
(factory only release)
Версия 6.43.6
2018-12-03
What's new in 6.43.6 (2018-Nov-07 10:40):
(factory only release)
(factory only release)
Версия 6.43.5
2018-12-03
What's new in 6.43.5 (2018-Oct-25 12:37):
(factory only release)
(factory only release)
Версия 6.43.5
2018-12-03
What's new in 6.43.5 (2018-Oct-25 12:37):
(factory only release)
(factory only release)
Версия 6.43.5
2018-12-03
What's new in 6.43.5 (2018-Oct-25 12:37):
(factory only release)
(factory only release)
Версия 6.43.4
2018-10-18
What's new in 6.43.4 (2018-Oct-17 06:37):
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Версия 6.43.4
2018-10-18
What's new in 6.43.4 (2018-Oct-17 06:37):
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Версия 6.43.4
2018-10-18
What's new in 6.43.4 (2018-Oct-17 06:37):
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Changes in this release:
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly forward unicast DHCP messages when using DHCP Snooping with hardware offloading;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) crs3xx - properly read "eeprom" data after different module inserted in disabled interface;
*) dhcpv4-server - use client MAC address for dual stack queue when "client-id" is not received;
*) dhcpv6-server - fixed dynamic binding addition on solicit when IA_PD does not contain prefix (introduced in v6.43);
*) dhcpv6-server - recreate DHCPv6 server binding if it is no longer within prefix pool when rebinding/renewing;
*) ipsec - allow multiple peers to the same address with different local-address (introduced in v6.43);
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP and hAP ac lite devices;
*) led - fixed default LED configuration for SXT LTE kit devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - show "boot-os" option only on devices that have such feature;
*) traffic-flow - fixed post NAT port reporting;
*) w60g - added "frequency-list" setting;
*) w60g - added interface stats;
*) w60g - fixed interface LED status update on connection;
*) w60g - general stability and performance improvements;
*) w60g - improved stability for short distance links;
*) w60g - renamed "mcs" to "tx-mcs" and "phy-rate" to "tx-phy-rate";
Версия 6.43.3
2018-10-18
What's new in 6.43.3 (2018-Oct-05 13:12):
(factory only release)
(factory only release)
Версия 6.43.3
2018-10-18
What's new in 6.43.3 (2018-Oct-05 13:12):
(factory only release)
(factory only release)
Версия 6.43.3
2018-10-18
What's new in 6.43.3 (2018-Oct-05 13:12):
(factory only release)
(factory only release)
Версия 6.43.2
2018-09-20
What's new in 6.43.2 (2018-Sep-18 12:12):
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Версия 6.43.2
2018-09-20
What's new in 6.43.2 (2018-Sep-18 12:12):
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Версия 6.43.2
2018-09-20
What's new in 6.43.2 (2018-Sep-18 12:12):
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Changes in this release:
*) routerboot - fixed RouterOS booting on devices with particular NAND memory (introduced in v6.43);
Версия 6.43.12
2019-02-11
What's new in 6.43.12 (2019-Feb-08 11:46):
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
Версия 6.43.12
2019-02-11
What's new in 6.43.12 (2019-Feb-08 11:46):
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
Версия 6.43.12
2019-02-11
What's new in 6.43.12 (2019-Feb-08 11:46):
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
MAJOR CHANGES IN v6.43.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
Версия 6.43.11
2019-02-05
What's new in 6.43.11 (2019-Feb-04 12:24):
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.43.11
2019-02-05
What's new in 6.43.11 (2019-Feb-04 12:24):
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.43.11
2019-02-05
What's new in 6.43.11 (2019-Feb-04 12:24):
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.43.10
2019-02-05
What's new in 6.43.10 (2019-Jan-24 07:09):
(factory only release)
(factory only release)
Версия 6.43.10
2019-02-05
What's new in 6.43.10 (2019-Jan-24 07:09):
(factory only release)
(factory only release)
Версия 6.43.10
2019-02-05
What's new in 6.43.10 (2019-Jan-24 07:09):
(factory only release)
(factory only release)
Версия 6.43.1
2018-09-18
What's new in 6.43.1 (2018-Sep-17 06:53):
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.43.1
2018-09-18
What's new in 6.43.1 (2018-Sep-17 06:53):
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.43.1
2018-09-18
What's new in 6.43.1 (2018-Sep-17 06:53):
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Changes in this release:
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dhcpv6-client - log only failed pool additions;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) rb3011 - added IPsec hardware acceleration support;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) switch - fixed port mirroring on devices that do not support CPU Flow Control;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) webfig - allow to change user name when creating a new system user (introduced in v6.43);
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IP/DHCP Server/Leases" menu;
*) winbox - added "allow-dual-stack-queue" setting to "IPv6/DHCPv6 Server/Bindings" menu;
*) winbox - fixed corrupt user database after specifying allowed address range (introduced in v6.43);
*) winbox - make bridge port "untrusted" by default when creating new port;
*) winbox - show "IP/Cloud" menu on CHR;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - removed "czech republic 5.8" regulatory domain information as it overlaps with "ETSI 5.7-5.8";
Версия 6.43
2018-09-10
What's new in 6.43 (2018-Sep-06 12:44):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43
2018-09-10
What's new in 6.43 (2018-Sep-06 12:44):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.43
2018-09-10
What's new in 6.43 (2018-Sep-06 12:44):
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
MAJOR CHANGES IN v6.43:
----------------------
!) api - changed authentication process (https://wiki.mikrotik.com/wiki/Manual:API#Initial_login);
!) backup - do not encrypt backup file unless password is provided;
!) btest - requires at least v6.43 Bandwidth Test client when connecting to v6.43 or later version server except when authentication is not required;
!) cloud - added IPv6 support;
!) cloud - added support for licensed CHR instances (including trial);
!) cloud - reworked "/ip cloud ddns-enabled" implementation (suggested to disable service and re-enable after installation process);
!) radius - use MS-CHAPv2 for "login" service authentication;
!) romon - require at least v6.43 RoMON agent when connecting to v6.43 or later RoMON client device;
!) webfig - improved authentication process;
!) winbox - improved authentication process excluding man-in-the-middle possibility;
!) winbox - minimal required version is v3.15;
----------------------
Changes in this release:
*) backup - added support for new backup file encryption (AES128-CTR) with signatures (SHA256);
*) backup - generate proper file name when devices identity is longer than 32 symbols;
*) bridge - add dynamic CAP interface to tagged ports if "vlan-mode=use-tag" is enabled;
*) bridge - added an option to manually specify ports that have a multicast router (CLI only);
*) bridge - added a warning when untrusted port receives a DHCP Server message when DCHP Snooping is enabled;
*) bridge - added ingress filtering options to bridge interface;
*) bridge - added initial Q-in-Q support;
*) bridge - added more options to fine-tune IGMP Snooping enabled bridges (CLI only);
*) bridge - added per-port based "tag-stacking" feature;
*) bridge - added support for BPDU Guard;
*) bridge - added support for DHCP Option 82;
*) bridge - added support for DHCP Snooping;
*) bridge - added support for IGMP Snooping fast-leave feature (CLI only);
*) bridge - fixed dynamic VLAN table entries when using ingress filtering;
*) bridge - fixed "ingress-filtering", "frame-types" and "tag-stacking" value storing;
*) bridge - forward LACPDUs when "protocol-mode=none";
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling;
*) bridge - improved packet processing when bridge port changes states;
*) bridge - improved performance when bridge VLAN filtering is used without hardware offloading;
*) bridge - renamed option "vlan-protocol" to "ether-type";
*) capsman - added ability to use chain 3 for "HT TX chains" and "HT RX chains" selections (CLI only);
*) capsman - allow to change "radio-name" (CLI only);
*) capsman - increase timeout for the CAP to CAPsMAN communication;
*) certificate - added "expires-after" parameter;
*) certificate - do not allow to perform "undo" on certificate changes;
*) certificate - fixed RA "server-url" setting;
*) check-installation - improved system integrity checking;
*) chr - added checksum offload support for Hyper-V installations;
*) chr - added large send offload support for Hyper-V installations;
*) chr - added multiqueue support on Xen installations;
*) chr - added support for multiqueue feature on "virtio-net";
*) chr - added virtual Receive Side Scaling support for Hyper-V installations (might require more RAM assigned than in previous versions);
*) chr - by default enable link state tracking for virtual drivers with "/interface ethernet disable-running-check=no";
*) chr - do not show IRQ entries from removed devices;
*) chr - fixed interface name assign process when running CHR on Hyper-V;
*) chr - fixed interface name order when "virtio-net is not being used on KVM installations;
*) chr - fixed MTU changing process when running CHR on Hyper-V;
*) chr - fixed NIC hotplug for "virtio-net";
*) chr - improved balooning process;
*) chr - improved boot time for Hyper-V installations;
*) chr - provide part of network interface GUID at the beginning of "bindstr2" value when running CHR on Hyper-V;
*) chr - reduced RAM memory required per interface;
*) cloud - added simultaneous IPv4/IPv6 support;
*) cloud - close local UDP port if no activity;
*) console - added "dont-require-permissions" parameter for scripts;
*) console - added error log message when netwatch tries to execute script with insufficient permissions;
*) console - added error log message when scheduler tries to execute script with insufficient permissions;
*) console - do not show spare parameters on ping command;
*) console - made "once" parameter mandatory when using "as-value" on "monitor" commands;
*) console - removed automatic swapping of "from=" and "to=" in "for" loops;
*) crs317 - fixed Ethernet inteface stuck on 100 Mbps speed;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) crs328 - fixed transmit on sfp-sfpplus1 and sfp-sfpplus2 interfaces;
*) crs3xx - added hardware support for DHCP Snooping and Option 82;
*) crs3xx - added Q-in-Q hardware offloading support;
*) crs3xx - do not report SFP interface as running when interface on opposite side is disabled;
*) crs3xx - fixed ACL rate rules (introduced in v6.41rc27);
*) crs3xx - fixed flow control;
*) crs3xx - fixed SwOS config import;
*) defconf - fixed default configuration for RBSXTsq5nD;
*) defconf - fixed missing bridge ports after configuration reset;
*) dhcp - added dynamic IPv4/IPv6 "dual-stack" simple queue support, based on client's MAC address;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-client - fixed DHCP client that was stuck on invalid state;
*) dhcpv4-client - fixed double ACK packet handling;
*) dhcpv4-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv4-server - do not allow override lease "always-broadcast" value based on offer type;
*) dhcpv4-server - improved performance when "rate-limit" and/or "address-list" setting is present;
*) dhcpv6-client - added missing "Server identifier" parameter in release message;
*) dhcpv6-client - fixed "add-default-route" parameter;
*) dhcpv6-client - fixed option handling;
*) dhcpv6-client - improved dynamic IPv6 pool addition process;
*) dhcpv6-server - added additional RADIUS parameters for Prefix delegation, "rate-limit" and "life-time";
*) dhcpv6-server - added "allow-dual-stack-queue" implementation (CLI only);
*) dhcpv6-server - added initial dynamic simple queue support;
*) dhcpv6-server - do not allow to run DHCPv6 server on slave interface;
*) dhcpv6-server - fixed dynamic simple queue creation for RADIUS bindings;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) dude - fixed client auto upgrade (broken since 6.43rc17);
*) ethernet - do not show "combo-state" field if interface is not SFP or copper;
*) ethernet - properly handle Ethernet interface default configuration;
*) export - do not show w60g password on "hide-sensitive" type of export;
*) fetch - added "as-value" output format;
*) fetch - fixed address and DNS verification in certificates;
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) filesystem - improved software crash handling on devices with FLASH type memory;
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) health - improved speed of health measurement readings;
*) hotspot - allow to properly configure Hotspot directory on external disk for devices that have flash type storage;
*) hotspot - fixed RADIUS CoA & PoD by allowing to accept "NAS-Port-Id";
*) ike1 - added unsafe configuration warning for main mode with pre-shared-key authentication;
*) ike1 - purge both SAs when timer expires;
*) ike1 - zero out reserved bytes in NAT-OA payload;
*) ike2 - fixed initiator first policy selection;
*) ike2 - fixed rekeyed child deletion during another exchange;
*) ike2 - improved basic exchange logging readability;
*) ike2 - use "/32" netmask by default on initiator if not provided by responder;
*) interface - improved interface "last-link-down-time" and "last-link-up-time" values;
*) interface - improved reliability on dynamic interface handling;
*) ippool - improved used address error message;
*) ipsec - added "responder" parameter for "mode-config" to allow multiple initiator configurations;
*) ipsec - added "src-address-list" parameter for "mode-config" that generates dynamic "src-nat" rule;
*) ipsec - added warning messages for incorrect peer configuration;
*) ipsec - do not allow removal of "proposal" and "mode-config" entries that are in use;
*) ipsec - fixed AES-192-CTR fallback to software AEAD on ARM devices with wireless and RB3011UiAS-RM;
*) ipsec - fixed AES-CTR and AES-GCM key size proposing as initiator;
*) ipsec - fixed "static-dns" value storing;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved reliability on generated policy addition when IKEv1 or IKEv2 used;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) ipsec - install all DNS server addresses provided by "mode-config" server;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - separate phase1 proposal configuration from peer menu;
*) ipsec - use monotonic timer for SA lifetime check;
*) kidcontrol - allow to edit discovered devices;
*) l2tp - allow setting "max-mtu" and "max-mru" bigger than 1500;
*) led - improved w60g alignment trigger;
*) leds - fixed LED behaviour when bonding is configured on SFP+ interfaces;
*) log - fixed false log warnings about system status after power on for CRS328-4C-20S-4S+;
*) log - show interface name on OSPF "different MTU" info log messages;
*) lte - added additional D-Link PIDs;
*) lte - added additional ID support for SIM7600 modem;
*) lte - added additional low endpoint SIM7600 PIDs;
*) lte - added eNB ID to info command;
*) lte - added extended LTE signal info for SIM7600 modules;
*) lte - added extended signal information for Quectel LTE EC25 and EP06 modem;
*) lte - added ICCID reading for info command R11e-LTE and R11e-LTE-US;
*) lte - added "registration-status" parameter under "/interface lte info" command;
*) lte - added roaming status reading for info command;
*) lte - added "sector-id" to info command;
*) lte - added support for alternative SIM7600 PID;
*) lte - added support for Novatel USB730LN modem with new ID;
*) lte - added support for Quanta 1k6e modem;
*) lte - allow to execute concurrent internal AT commands;
*) lte - allow to use multiple PLS modems at the same time;
*) lte - do not allow to remove default APN profile;
*) lte - do not allow to send "at-chat" commands for configless modems;
*) lte - expose GPS channel for PLS modems;
*) lte - fixed LTE registration in 2G/3G mode;
*) lte - fixed SIM7600 registration info;
*) lte - fixed SIM7600 series module support with newer device IDs;
*) lte - ignore empty MAC addresses during Passthrough discovery phase;
*) lte - improved modem event processing;
*) lte - improved r11e-LTE and r11e-LTE-US dialling process;
*) lte - improved r11e-LTE configuration exchange process;
*) lte - improved reading of SMS message after entering running state;
*) lte - improved readings of info command results for the SXT LTE;
*) lte - improved stability of USB LTE interface detection process;
*) lte - properly detect interface state when running for IPv6 only connection for R11e-LTE modem;
*) lte - renamed LTE scan tool field "scan-code" to "mcc-mnc";
*) lte - show UICC in correct format for SXT LTE devices;
*) lte - use "/32" address for the Passthrough feature when R11e-LTE module is used;
*) lte - use alphanumeric operator format in info command;
*) mac-telnet - improved reliability when connecting from RouterOS versions prior 6.43;
*) multicast - allow to add more than one RP per IP address for PIM;
*) ntp - allow to specify link-local address for NTP server;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) package - renamed "current-version" to "installed-version" under "/system package install";
*) ppp - added support for additional ID for E3531 modem;
*) ppp - added support for Alfa Network U4G modem;
*) ppp - added support for Telit LM940 modem;
*) ppp - improved modem mode switching;
*) ppp - show comments from "/ppp secrets" menu within "/ppp active" menu when client is connected;
*) quickset - recognize 160 MHz channel as HomeAP mode;
*) rb1100ahx4 - added DES and 3DES hardware acceleration support;
*) romon - fixed RoMON services becoming unavailable after disabled once during active scanning process;
*) romon - properly classify RoMON sessions in log and active users list;
*) routerboard - allow to fill up to half of the RAM memory with files on devices with FLASH storage;
*) routerboard - fixed "protected-routerboot" feature (introduced in v6.42);
*) routerboard - fixed wrongly reported RAM size on ARM devices;
*) routerboot - removed RAM test from TILE devices (routerboot upgrade required);
*) sfp - fixed default advertised link speeds;
*) smb - fixed valid request handling when additional options are used;
*) sms - converted "keep-max-sms" feature to "auto-erase";
*) sms - do not require "port" and "interface" parameters when sending SMS if already present in configuration;
*) sms - improved reliability on SMS reader;
*) snmp - added CAPsMAN "remote-cap" table;
*) snmp - added EAP identity to CAPsMAN registration table;
*) snmp - added "phy-rate" reading for "station-bridge" mode;
*) snmp - added "temp-exception" trap;
*) snmp - fixed interface speed reporting for predefined rates;
*) snmp - fixed "remote-cap" peer MAC address format;
*) ssh - disconnect all active connections when device gets rebooted or turned off;
*) ssh - strengthen strong-crypto (add aes-128-ctr and disallow hmac sha1 and groups with sha1);
*) supout - added "files" section to supout file;
*) supout - added info log message when supout file is created;
*) supout - added monitored bridge VLAN table to supout file;
*) supout - added "w60g" section to supout file;
*) switch - added CPU Flow Control settings for devices with a Atheros8227, QCA8337, Atheros8327, Atheros7240 or Atheros8316 switch chip;
*) switch - added support for port isolation by switch chip;
*) switch - fixed possible switch chip hangs after initialization on MediaTek and Atheros8327 switch chips;
*) swos - implemented "/system swos" menu that allows to upgrade, reset, save or load configuration and change address for dual-boot CRS devices (CLI only);
*) tile - added DES and 3DES hardware acceleration support;
*) tile - fixed false HW offloading flag for MPLS;
*) tr069-client - allow editing of "provisioning-code" attribute;
*) tr069-client - fixed setting of "DeviceInfo.ProvisioningCode" parameter;
*) tr069-client - use SNI extension for HTTPS;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) ups - improved UPS serial parsing stability;
*) usb - fixed modem initialisation on LtAP mini;
*) usb - fixed power-reset for hAP ac^2 devices;
*) user - all passwords are now hashed and encrypted, plaintext passwords are kept for downgrade (will be removed in later upgrades);
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) vrrp - improved reliability on VRRP interface configured as a bridge port when "use-ip-firewall" is enabled;
*) w60g - added "beamforming-event" stats counter;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) watchdog - added "ping-timeout" setting;
*) webfig - do not automatically re-log in after logging out;
*) webfig - fixed occasional authentication failure when logging in;
*) webfig - fixed www service becoming unresponsive;
*) webfig - properly display time interval within Kid Control menu;
*) webfig - properly handle double clicking when logging in or out;
*) webfig - properly show NTP clients "last-adjustment" value;
*) winbox - added bridge Fast Forward statistics counters;
*) winbox - added "poe-fault" LED trigger;
*) winbox - added "tag-stacking" option to "Bridge/Ports";
*) winbox - allow to specify LTE interface when sending SMS;
*) winbox - fixed arrow key handling within table filter fields;
*) winbox - fixed "bad-blocks" value presence under "System/Resources";
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - fixed "IP/IPsec/Peers" section sorting;
*) winbox - fixed "write-sect-since-reboot" value presence under "System/Resources";
*) winbox - properly close session when uploading multiple files to the device at the same time;
*) winbox - removed duplicate "20/40/80MHz" value from "channel-width" setting options;
*) winbox - renamed "VLAN Protocol" to "EtherType" under bridge interface "VLAN" tab;
*) winbox - show HT MCS tab when "5ghz-n/ac" band is used;
*) winbox - show "Switch" menu on hAP ac^2 devices;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - added "czech republic 5.8" regulatory domain information;
*) wireless - added "etsi2" regulatory domain information;
*) wireless - added option for RADIUS "called-station-id" format selection;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - do not disconnect clients when WDS master connects with MAC address "00:00:00:00:00:00";
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
*) wireless - fixed wireless interface lockup after period of inactivity;
*) wireless - improved Nv2 reliability on ARM devices;
*) wireless - improved Nv2 stability for 802.11n interfaces on RB953, hAP ac and wAP ac devices;
*) wireless - require "sniff" policy for wireless sniffer;
*) wireless - updated "czech republic" regulatory domain information;
*) wireless - updated "germany 5.8 ap" and "germany 5.8 fixed p-p" regulatory domain information;
*) x86 - improved Ethernet driver for Davicom DM9x0x;
Версия 6.42.7
2018-08-20
What's new in 6.42.7 (2018-Aug-17 09:48):
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.42.7
2018-08-20
What's new in 6.42.7 (2018-Aug-17 09:48):
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.42.7
2018-08-20
What's new in 6.42.7 (2018-Aug-17 09:48):
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
MAJOR CHANGES IN v6.42.7:
----------------------
!) security - fixed vulnerabilities CVE-2018-1156, CVE-2018-1157, CVE-2018-1158, CVE-2018-1159;
----------------------
*) bridge - improved bridge port state changing process;
*) crs326/crs328 - fixed untagged packet forwarding through tagged ports when pvid=1;
*) crs3xx - added command that forces fan detection on fan-equipped devices;
*) crs3xx - fixed port disable on CRS326 and CRS328 devices;
*) crs3xx - fixed tagged packet forwarding without VLAN filtering (introduced in 6.42.6);
*) crs3xx - fixed VLAN filtering when there is no tagged interface specified;
*) dhcpv4-relay - fixed false invalid flag presence;
*) dhcpv6-client - allow to set "default-route-distance";
*) dhcpv6 - improved reliability on IPv6 DHCP services;
*) dhcpv6-server - properly update interface for dynamic DHCPv6 servers;
*) ethernet - improved large packet handling on ARM devices with wireless;
*) ethernet - removed obsolete slave flag from "/interface vlan" menu;
*) ipsec - fixed "sa-src-address" deduction from "src-address" in tunnel mode;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ldp - properly load LDP configuration;
*) led - fixed default LED configuration for RBLHGG-5acD-XL devices;
*) lte - added signal readings under "/interface lte scan" for 3G and GSM modes;
*) lte - fixed memory leak on USB disconnect;
*) lte - fixed SMS send feature when not in LTE network;
*) package - do not allow to install out of bundle package if it already exists within bundle;
*) ppp - fixed interface enabling after a while if none of them where active;
*) sfp - hide "sfp-wavelength" parameter for RJ45 transceivers;
*) tr069-client - fixed unresponsive tr069 service when blackhole route is present;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5;
*) userman - fixed compatibility with PayPal TLS 1.2;
*) vrrp - fixed VRRP packet processing on VirtualBox and VMWare hypervisors;
*) w60g - added distance measurement feature;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) w60g - improved MCS rate detection process;
*) w60g - improved MTU change handling;
*) w60g - properly close connection with station on disconnect;
*) w60g - stop doing distance measurements after first successful measurement;
*) winbox - added "secondary-channel" setting to wireless interface if 80 MHz mode is selected;
*) winbox - fixed "sfp-connector-type" value presence under "Interface/Ethernet";
*) winbox - fixed warning presence for "IP/IPsec/Peers" menu;
*) winbox - properly display all flags for bridge host entries;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - added option to disable PMKID for WPA2;
*) wireless - fixed memory leak when performing wireless scan on ARM;
*) wireless - fixed packet processing after removing wireless interface from CAP settings;
*) wireless - updated "united-states" regulatory domain information;
Версия 6.42.6
2018-07-12
What's new in 6.42.6 (2018-Jul-06 11:56):
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
Версия 6.42.6
2018-07-12
What's new in 6.42.6 (2018-Jul-06 11:56):
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
Версия 6.42.6
2018-07-12
What's new in 6.42.6 (2018-Jul-06 11:56):
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
*) bridge - improved packets processing when bridge port changes states;
*) crs3xx - fixed bonding slave failover when packets are sent out of the bridge interface;
*) crs3xx - fixed LACP member failover;
*) crs3xx - improved link state detection when one side has disabled interface;
*) defconf - fixed bridge default configuration for SOHO devices with more than 9 Ethernet interfaces;
*) package - free up used storage space consumed by old RouterOS upgrades;
*) snmp - fixed w60g "phy-rate" readings;
*) supout - added "ip-cloud" section to supout file;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) winbox - added 64,8 GHz frequency to w60g interface frequency settings;
*) winbox - show "sector-writes" on devices that have such counters;
Версия 6.42.5
2018-06-27
What's new in 6.42.5 (2018-Jun-26 12:12):
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
Версия 6.42.5
2018-06-27
What's new in 6.42.5 (2018-Jun-26 12:12):
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
Версия 6.42.5
2018-06-27
What's new in 6.42.5 (2018-Jun-26 12:12):
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
*) api - properly classify API sessions in log;
*) chr - enabled promiscuous mode (requires to be enabled on host as well) when running CHR on Hyper-V;
*) kidcontrol - added dynamic accept firewall rules to allow bandwidth limit when FastTrack is enabled;
*) led - fixed LED default configuration for LtAP mini;
*) snmp - added "rssi" and "tx-sector-info" value support for w60g type interfaces;
*) snmp - added station "distance", "phy-rate", "rssi" value support for w60g type interfaces;
*) ssh - allow to use "diffie-hellman-group1-sha1" on TILE and x86 devices with "strong-crypto" disabled;
*) w60g - added 4th 802.11ad channel (CLI only);
*) w60g - added distance measurement;
*) w60g - do not reset interface after adding comment;
*) w60g - general stability and performance improvements;
*) w60g - improved maximum achievable distance;
*) w60g - properly report center status under "tx-sector-info";
*) winbox - show "sector-writes" on ARM devices that have such counters;
*) winbox - show "System/Health" only on devices that have health monitoring;
Версия 6.42.4
2018-06-19
What's new in 6.42.4 (2018-Jun-15 14:14):
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
Версия 6.42.4
2018-06-19
What's new in 6.42.4 (2018-Jun-15 14:14):
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
Версия 6.42.4
2018-06-19
What's new in 6.42.4 (2018-Jun-15 14:14):
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
*) bridge - allow to make changes for bridge port when it is interface list;
*) bridge - fixed FastPath for bridge master interfaces (introduced in v6.42);
*) certificate - fixed "add-scep" template existence check when signing certificate;
*) chr - fixed adding MSTI entries;
*) chr - fixed boot on hosts older than Windows Server 2012 when running CHR on Hyper-V;
*) chr - fixed various network hang scenarios when running CHR on Hyper-V;
*) console - fixed script permissions if script is executed by other RouterOS service;
*) dhcpv4-server - fixed DHCP server that was stuck on invalid state;
*) health - changed "PSU-Voltage" to "PSU-State" for CRS328-4C-20S-4S+;
*) health - fixed incorrect PSU index for CRS328-4C-20S-4S+;
*) ipsec - improved reliability on IPsec hardware encryption for RB1100Dx4;
*) kidcontrol - fixed dynamically created firewall rules order;
*) led - added "dark-mode" functionality for hEX S and SXTsq 5 ac devices;
*) led - fixed CCR1016-12S-1S+ LED behaviour after Netinstall (introduced in v6.41rc58);
*) led - use routers uptime as a starting point when turning off LEDs if option was not enabled on boot;
*) ppp - fixed "hunged up" grammar to "hung up" within PPP log messages;
*) quickset - added missing wireless "channel-width" settings;
*) quickset - added support for "5ghz-a/n" band when CPE mode is used;
*) snmp - added remote CAP count OID for CAPsMAN;
*) snmp - fixed readings for CAPsMAN slave interfaces;
*) supout - added "partitions" section to supout file;
*) usb - properly detect USB 3.0 flash on RBM33G when jumper is removed;
*) userman - improved unique username generation process when adding batch of users;
*) w60g - improved RAM memoy allocation processes;
*) winbox - added missing "dscp" and "clamp-tcp-mss" settings to IPv6 tunnels;
*) winbox - allow to specify full URL in SCEP certificate signing process;
*) winbox - by default specify keepalive timeout value for tunnel type interfaces;
*) winbox - show "scep-url" for certificates;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show firmware upgrade message at the bottom of "System/RouterBOARD" menu;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - improved Nv2 reliability on ARM devices;
Версия 6.42.3
2018-05-25
What's new in 6.42.3 (2018-May-24 09:20):
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
Версия 6.42.3
2018-05-25
What's new in 6.42.3 (2018-May-24 09:20):
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
Версия 6.42.3
2018-05-25
What's new in 6.42.3 (2018-May-24 09:20):
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
*) lte - fixed automatic LTE band selection for R11e-LTE;
*) wireless - improved client "channel-width" detection;
*) wireless - improved Nv2 PtMP performance;
*) wireless - increased stability on hAP ac^2 and cAP ac with legacy data rates;
Версия 6.42.2
2018-05-17
What's new in 6.42.2 (2018-May-17 09:20):
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
Версия 6.42.2
2018-05-17
What's new in 6.42.2 (2018-May-17 09:20):
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
Версия 6.42.2
2018-05-17
What's new in 6.42.2 (2018-May-17 09:20):
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
*) bridge - do not allow to add same interface list to bridge more than once;
*) bridge - fixed LLDP packet receiving;
*) bridge - fixed processing of fragmented packets when hardware offloading is enabled;
*) console - fixed type "on" and "wireless-status" LED trigger value setting (introduced in v6.42.1);
*) crs317 - fixed link flapping when inserted S+RJ10 module without any cable;
*) defconf - fixed wAP LTE kit default configuration;
*) dhcpv4 - prevent sending out ICMP port unreachable packets;
*) dhcpv4-client - fixed DHCP client stuck in renewing state;
*) dhcpv6-relay - fixed missing configuration after reboot;
*) filesystem - fixed NAND memory going into read-only mode;
*) hotspot - fixed user authentication when queue from old session is not removed yet;
*) interface - fixed "built-in=no" parameter for manually created interface lists;
*) interface - fixed "dynamic" built-in interface list behaviour;
*) interface - fixed interface list which include disabled member;
*) interface - fixed interface list which include/exclude another list;
*) interface - fixed interface configuration responsiveness;
*) ipsec - fixed policies becoming invalid if added after a disabled policy;
*) ipsec - improved reliability on IPsec hardware encryption for ARM devices except RB1100Dx4;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) lte - improved LTE communication process on MMIPS platform devices;
*) quickset - fixed dual radio mode detection process;
*) routerboard - properly represent board name for hAP ac^2;
*) tile - fixed Ethernet interfaces becoming unresponsive;
*) winbox - allow to specify "any" as wireless "access-list" interface;
*) winbox - fixed "/ip dhcp-server network set dns-none" parameter;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed packet processing when "static-algo-0=40bit-wep" is being used (introduced in v6.42);
*) wireless - fixed usage of allowed signal strength values received from RADIUS;
*) wireless - improved wireless throughput on hAP ac^2 and cAP ac;
*) x86 - fixed reboot caused by MAC Winbox connection;
Версия 6.42.1
2018-04-23
What's new in 6.42.1 (2018-Apr-23 10:46):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.42.1
2018-04-23
What's new in 6.42.1 (2018-Apr-23 10:46):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.42.1
2018-04-23
What's new in 6.42.1 (2018-Apr-23 10:46):
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
!) winbox - fixed vulnerability that allowed to gain access to an unsecured router;
*) bridge - fixed hardware offloading for MMIPS and PPC devices;
*) bridge - fixed LLDP packet receiving;
*) crs3xx - fixed failing connections through bonding in bridge;
*) ike2 - use "policy-template-group" parameter when picking proposal as initiator;
*) led - added "dark-mode" functionality for hAP ac and hAP ac^2 devices;
*) led - improved w60g alignment trigger;
*) lte - allow to send "at-chat" command over disabled LTE interface;
*) routerboard - fixed "mode-button" support on hAP lite r2 devices;
*) w60g - allow to manually set "tx-sector" value;
*) w60g - fixed incorrect RSSI readings;
*) w60g - show phy rate on "/interface w60g monitor" (CLI only);
*) winbox - fixed bridge port MAC learning parameter values;
*) winbox - show "Switch" menu on cAP ac devices;
*) winbox - show correct "Switch" menus on CRS328-24P-4S+;
*) wireless - improved compatibility with BCM chipset devices;
Версия 6.42
2018-04-20
What's new in 6.42 (2018-Apr-13 11:03):
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
Версия 6.42
2018-04-20
What's new in 6.42 (2018-Apr-13 11:03):
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
Версия 6.42
2018-04-20
What's new in 6.42 (2018-Apr-13 11:03):
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
!) tile - improved system performance and stability ("/system routerboard upgrade" required);
!) w60g - increased distance for wAP 60G to 200+ meters;
*) bridge - added host aging timer for CRS3xx and Atheros hw-bridges;
*) bridge - added per-port forwarding options for broadcasts, unknown-multicasts and unknown-unicasts;
*) bridge - added per-port learning options;
*) bridge - added support for static hosts;
*) bridge - fixed "master-port" configuration conversion from pre-v6.41 RouterOS versions;
*) bridge - fixed bridge port interface parameter under "/interface bridge host print detail";
*) bridge - fixed false MAC address learning on hAP ac^2 and cAP ac devices;
*) bridge - fixed incorrect "fast-forward" enabling when ports were switched;
*) bridge - fixed MAC learning for VRRP interfaces on bridge;
*) bridge - fixed reliability on software bridges when used on devices without switch chip;
*) bridge - hide options for disabled bridge features in CLI;
*) bridge - show "hw" flags only on Ethernet interfaces and interface lists;
*) capsman - added "allow-signal-out-of-range" option for Access List entries;
*) capsman - added support for "interface-list" in Access List and Datapath entries;
*) capsman - improved CAPsMAN responsiveness with large amount of CAP interfaces;
*) capsman - log "signal-strength" when successfully connected to AP;
*) certificate - added PKCS#10 version check;
*) certificate - dropped DES support and added AES instead for SCEP;
*) certificate - dropped MD5 support and require SHA1 as minimum for SCEP;
*) certificate - fixed incorrect SCEP URL after an upgrade;
*) chr - added "open-vm-tools" on VMware installations;
*) chr - added "qemu-guest-agent" and "virtio-scsi" driver on KVM installations;
*) chr - added "xe-daemon" on Xen installations;
*) chr - added support for Amazon Elastic Network Adapter (ENA) driver;
*) chr - added support for booting from NVMe disks;
*) chr - added support for Hyper-V ballooning, guest quiescing, host-guest file transfer, integration services and static IP injection;
*) chr - added support for NIC hot-plug on VMware and Xen installations;
*) chr - fixed additional disk detaching on Xen installations;
*) chr - fixed interface matching by name on VMware installations;
*) chr - fixed interface naming order when adding more than 4 interfaces on VMware installations;
*) chr - fixed suspend on Xen installations;
*) chr - make additional disks visible under "/disk" on Xen installations;
*) chr - make Virtio disks visible under "/disk" on KVM installations;
*) chr - run startup scripts on the first boot on AWS and Google Cloud installations;
*) console - fixed "idpr-cmtp" protocol by changing its value from 39 to 38;
*) console - improved console stability after it has not been used for a long time;
*) crs1xx/2xx - added BPDU value for "ingress-vlan-translation" menu "protocol" option;
*) crs212 - fixed Ethernet boot when connected to boot server through CRS326 device;
*) crs326 - fixed known multicast flooding to the CPU;
*) crs3xx - added switch port "storm-rate" limiting options;
*) crs3xx - added “hw-offload” support for 802.3ad and “balance-xor” bonding;
*) detnet - fixed "detect-internet" feature unavailability if router had too long identity (introduced in v6.41);
*) dhcp - improved DHCP service reliability when it is configured on bridge interface;
*) dhcp - reduced resource usage of DHCP services;
*) dhcpv4-server - added "dns-none" option to "/ip dhcp-server network dns";
*) dhcpv6 - make sure that time is set before restoring bindings;
*) dhcpv6-client - added info exchange support;
*) dhcpv6-client - added possibility to specify options;
*) dhcpv6-client - added support for options 15 and 16;
*) dhcpv6-client - implement confirm after reboot;
*) dhcpv6-server - added DHCPv4 style user options;
*) dns - do not generate "Undo" messages on changes to dynamic servers;
*) email - set maximum number of sessions to 100;
*) fetch - added "http-content-type" option to allow setting MIME type of the data in free text form;
*) fetch - added "output" option for all modes in order to return result to file, variable or ignore it;
*) fetch - increased maximum number of sessions to 100;
*) filesystem - implemented additional system storage maintenance checks on ARM CPU based devices;
*) flashfig - properly apply configuration provided by Flashfig;
*) gps - improved NMEA sentence handling;
*) health - added log warning when switching between redundant power supplies;
*) health - fixed empty measurements on CRS328-24P-4S+RM;
*) hotspot - improved HTTPS matching in Walled Garden rules;
*) ike1 - display error message when peer requests "mode-config" when it is not configured;
*) ike1 - do not accept "mode-config" reply more than once;
*) ike1 - fixed wildcard policy lookup on responder;
*) ike2 - fixed framed IP address received from RADIUS server;
*) interface - improved interface configuration responsiveness;
*) ippool - added ability to specify comment;
*) ippool6 - added pool name to "no more addresses left" error message;
*) ipsec - fixed AES-CTR and AES-GCM support on RB1200;
*) ipsec - improved single tunnel hardware acceleration performance on MMIPS devices;
*) ipsec - properly detect interface for "mode-config" client IP address assignment;
*) ipv6 - fixed IPv6 behaviour when bridge port leaves bridge;
*) ipv6 - update IPv6 DNS from RA only when it is changed;
*) kidcontrol - initial work on "/ip kid-control" feature;
*) led - added "Dark Mode" support for wAP 60G;
*) led - added w60g alignment trigger;
*) led - fixed unused "link-act-led" LED trigger on RBLHG 2nD, RBLHG 2nD-XL and RBSXTsq 2nD;
*) led - removed unused "link-act-led" trigger for devices which does not use it;
*) lte - added initial support for Quectel LTE EP06-E;
*) lte - added initial support for SIM7600 LTE modem interface;
*) lte - added support for the user and password authentication for wAP-LTE-kit-US (R11e-LTE-US);
*) lte - do not add DHCP client on LTE modems that doesn't use DHCP;
*) lte - fixed DHCP client adding for MF823 modem;
*) lte - fixed LTE band setting for SXT LTE;
*) mac-ping - fixed duplicate responses;
*) modem - added initial support for AC340U;
*) netinstall - fixed MMIPS RouterOS package description;
*) netinstall - sign Netinstall executable with an Extended Validation Code Signing Certificate;
*) netwatch - limit to read, write, test and reboot policies for Netwatch script execution;
*) poe - do not show "poe-out-current" on devices which can not determine it;
*) poe - hide PoE related properties on interfaces that does not provide power output;
*) ppp - added initial support for NETGEAR AC340U and ZyXEL WAH1604;
*) ppp - allow to override remote user PPP profile via "Mikrotik-Group";
*) quickset - fixed NAT if PPPoE client is used for Internet access;
*) quickset - properly detect IP address when one of the bridge modes is used;
*) quickset - properly detect LTE interface on startup;
*) quickset - show "G" flag for guest users;
*) quickset - use "/24" subnet for local network by default;
*) r11e-lte - improved LTE connection initialization process;
*) rb1100ahx4 - improved reliability on hardware encryption;
*) routerboard - added RouterBOOT "auto-upgrade" after RouterOS upgrade (extra reboot required);
*) routerboard - properly detect hAP ac^2 RAM size;
*) sniffer - fixed "/tool sniffer packet" results listed in incorrect order;
*) snmp - added "/caps-man interface print oid";
*) snmp - added "/interface w60g print oid";
*) snmp - added "board-name" OID;
*) snmp - improved request processing performance for wireless and CAP interfaces;
*) ssh - fixed SSH service becoming unavailable;
*) ssh - generate SSH keys only on the first connect attempt instead of the first boot;
*) ssh - improved key import error messages;
*) ssh - remove imported public SSH keys when their owner user is removed;
*) switch - hide "ingress-rate" and "egress-rate" for non-CRS3xx switches;
*) tile - added "aes-ctr" hardware acceleration support;
*) tr069-client - added "DownloadDiagnostics" and "UploadDiagnostics";
*) tr069-client - correctly return “TransferComplete” after vendor configuration file transfer;
*) tr069-client - fixed "/tool fetch" commands executed with ".alter" script;
*) tr069-client - fixed HTTPS authentication process;
*) traffic-flow - fixed IPv6 destination address value when IPFIX protocol is used;
*) upgrade - improved RouterOS upgrade process and restrict upgrade from RouterOS older than v5.16;
*) ups - improved communication between router and UPS;
*) ups - improved disconnect message handling between RouterOS and UPS;
*) userman - added support for ARM and MMIPS platform;
*) w60g - added "tx-power" setting (CLI only);
*) w60g - added RSSI information (CLI only);
*) w60g - added TX sector alignment information (CLI only);
*) watchdog - retry to send "autosupout.rif" file to an e-mail if initial delivery failed up to 3 times within 20 second interval;
*) winbox - added "antenna" setting under GPS settings for MIPS platform devices;
*) winbox - added "crl-store" setting to certificate settings;
*) winbox - added "insert-queue-before" to DHCP server;
*) winbox - added "use-dn" setting in OSPF instance General menu;
*) winbox - added 160 MHz "channel-width" to wireless settings;
*) winbox - added DHCPv6 client info request type and updated statuses;
*) winbox - added missing protocol numbers to IPv4 and IPv6 firewall;
*) winbox - added possibility to delete SMS from inbox;
*) winbox - allow to comment new object without committing it;
*) winbox - allow to open bridge host entry;
*) winbox - fixed name for "out-bridge-list" parameter under bridge firewall rules;
*) winbox - fixed typo from "UPtime" to "Uptime";
*) winbox - fixed Winbox closing when viewing graph which does not contain any data;
*) winbox - improved stability when using trackpad scrolling in large lists;
*) winbox - made UDP local and remote TX size parameters optional in Bandwidth Test tool;
*) winbox - moved "ageing-time" setting from STP to General tab;
*) winbox - moved OSPF instance "routing-table" setting in OSPF instance General menu;
*) winbox - removed “VLAN” section from “Switch” menu for CRS3xx devices;
*) winbox - show Bridge Port PVID column by default;
*) winbox - show CQI in LTE info;
*) winbox - show dual SIM options only for RouterBOARDS which does have two SIM slots;
*) winbox - show only master CAP interfaces under CAPsMAN wireless scan tool;
*) winbox - use proper graph name for HDD graphs;
*) wireless - added "realm-raw" setting for "/interface wireless interworking-profiles" (CLI only);
*) wireless - added initial support for "nstreme-plus";
*) wireless - added support for "band=5ghz-n/ac";
*) wireless - added support for "interface-list" for Access List entries;
*) wireless - added support for legacy AR9485 chipset;
*) wireless - enable all chains by default on devices without external antennas after configuration reset;
*) wireless - fixed "wds-slave" channel selection when single frequency is specified;
*) wireless - fixed incompatibility with macOS clients;
*) wireless - fixed long "scan-list" entries not working for ARM based wireless interfaces;
*) wireless - fixed nv2 protocol on ARM platform SXTsq devices;
*) wireless - fixed RB911-5HnD low transmit power issue;
*) wireless - fixed RTS/CTS option for the ARM based wireless devices;
*) wireless - fixed wsAP wrong 5 GHz interface MAC address;
*) wireless - improved compatibility with specific wireless AC standard clients;
*) wireless - improved Nv2 PtMP performance;
*) wireless - improved packet processing on ARM platform devices;
*) wireless - improved wireless performance on hAP ac^2 devices while USB is being used;
*) wireless - improved wireless scan functionality;
Версия 7.1rc7
2021-11-26
What's new in 7.1rc7 (2021-Nov-25 16:35):
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
Версия 7.1rc7
2021-11-26
What's new in 7.1rc7 (2021-Nov-25 16:35):
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
Версия 7.1rc7
2021-11-26
What's new in 7.1rc7 (2021-Nov-25 16:35):
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
Версия 7.1rc7
2021-11-26
What's new in 7.1rc7 (2021-Nov-25 16:35):
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
!) device-mode - added feature locking mechanism;
*) arp - limit total ARP table size based on installed RAM size;
*) bgp - fixed "nexthop-choice" selection;
*) bgp - fixed peer handling on point-to-point addresses;
*) bgp - ignore empty filter names on upgrade;
*) bgp - implemented BGP VPN configuration upgrade and other configuration upgrade fixes;
*) conntrack - limit total connection tracking table size based on installed RAM size;
*) crs3xx - fixed interface linking for some optical QSFP+ modules on CRS354 devices;
*) health - improved temperature reporting;
*) ipsec - fixed hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed software fallback mode for AES-192 on IPQ4018/IPQ4019;
*) led - added "dark-mode" functionality control with Mode button for cAP XL ac;
*) lte - added "cell-monitor" support for Chateau 5G;
*) lte - improved LTE setting reporting to supout file;
*) ospf - fixed MD5 authentication with large packets;
*) ospf - fixed OSPFv3 interface configuration;
*) ospf - improved DB exchange speeds;
*) ospf - improved stability with large LS update packets;
*) route - fixed "Route Target" byte order;
*) route - fixed unreachable routed networks on VRFs;
*) route - fixed route rule upgrade;
*) route - fixed situation when routes with unequal distances got treated as ECMP routes;
*) route - improvements on VRF isolation;
*) route-filters - added "as-path" regexp testing tool;
*) route-filters - added "as-path-slow-legacy" to support old style "as-path" filtering;
*) route-filters - fixed "as-path" bracket parsing and 4byte ASN usage;
*) routerboard - fixed "mode-button" functionality on devices that have such feature;
*) upgrade - improved major version upgrade process on hAP ac2 and cAP ac;
*) wifiwave2 - fixed enforcement of access list rules which only checks client signal strength for new connections;
*) wifiwave2 - removed non-functioning VLAN configuration parameters from access list;
Версия 7.1rc6
2021-11-08
What's new in 7.1rc6 (2021-Nov-04 18:20):
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
Версия 7.1rc6
2021-11-08
What's new in 7.1rc6 (2021-Nov-04 18:20):
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
Версия 7.1rc6
2021-11-08
What's new in 7.1rc6 (2021-Nov-04 18:20):
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
Версия 7.1rc6
2021-11-08
What's new in 7.1rc6 (2021-Nov-04 18:20):
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
*) bgp - fixed connection establishment if peer is in VRF;
*) bgp - fixed interface addition to "link-local" nexthops;
*) capsman - fixed CAP upgrade process when upgrading from RouterOS v6;
*) certificate - improved stability when sending bogus SCEP message;
*) certificate - resolveed issue with public key generation when digest algorithm is unspecified and processing certificate signing requests;
*) l3hw - fixed HW offloading for connected bridge routes;
*) l3hw - fixed source MAC address usage for routed packets for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) lte - added AT chat support for Telit LN960;
*) lte - do not allow to run "scan" and "cell-monitor" commands if SIM is not present;
*) lte - fixed modem port initialization on KNOT;
*) ospf - properly set instance after upgrade from RouterOS v6;
*) route-filters - added "suppress-hw-offload" parameter;
*) route-filters - fixed "as-path" regexp matcher;
*) ssh - made SSH work in VRF's;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) tile - improved system stability when sending EoIP packet over interface that is being disabled;
*) wifiwave2 - fixed assignment of channel profiles to interfaces;
*) wifiwave2 - fixed interface list matching in "access-list";
Версия 7.1rc5
2021-10-26
What's new in 7.1rc5 (2021-Oct-25 20:15):
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
Версия 7.1rc5
2021-10-26
What's new in 7.1rc5 (2021-Oct-25 20:15):
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
Версия 7.1rc5
2021-10-26
What's new in 7.1rc5 (2021-Oct-25 20:15):
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
Версия 7.1rc5
2021-10-26
What's new in 7.1rc5 (2021-Oct-25 20:15):
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
!) container - package is getting updated and will be made available in future, if interested in container feature please use 7.1rc4;
*) arm64 - fixed "total-sector-writes" resetting on each startup;
*) bgp - fixed IBGP nexthop selection;
*) bgp - fixed binding to IPv6 "link-local" address;
*) bgp - fixed missing default "local-pref" on selection;
*) bgp - fixed stability when appending extended communities;
*) bgp - improved stability and other minor fixes;
*) bonding - added warning when using 802.3ad mode without MII link monitoring;
*) bridge - added HW offload support for vlan-filtering on MT7621 switch chip (hEX, hEX S, RBM33G, RBM11G, LtAP);
*) bridge - fixed incorrect "hw=no" setting after reboot in rare cases;
*) bridge - improved MLAG stability;
*) capsman - do not include "access-list" passphrases in the output of export command by default;
*) certificate - added ability to choose the digest algorithm when generating a certificate;
*) chr - fixed FastPath support for VMXNET3 drivers;
*) dhcpv4 - fixed backslash prefix for packet logging;
*) dhcpv6-client - show correct DUID in print;
*) dhcpv6-server - fixed "address-pool" default value;
*) dhcpv6-server - fixed DUID generation with timestamp;
*) dns - fixed memory leak caused by large DNS replies;
*) gps - fixed built-in GPS functionality for LtAP;
*) health - fixed health value reporting on RB5009;
*) ipsec - enabled hardware acceleration support for ARM and ARM64 devices;
*) ipsec - fixed hardware acceleration support for CHR;
*) l3hw - fixed MTU on receive;
*) l3hw - fixed source MAC address usage for routed packets;
*) leds - adjust "system-led" color based on cellular connection technology on Chateau devices;
*) leds - fixed LED configuration on RB4011;
*) ltap - improved PCIe card support;
*) lte - added "at-chat" support in MBIM mode for Simcom modems in USB composition mode 9003;
*) lte - improved APN re-connection on non LTE networks;
*) lte - improved modem signal monitoring on Chateau 5G;
*) lte - moved notifications about incorrect responses from modem to 'lte' topic;
*) lte - properly show antenna selection on Chateau devices;
*) lte - request modem to restart registration process if timeout detected;
*) ospf - accept LA prefixes from intra-area router's LSA to the routing table;
*) mpls - added ICMP handler (send ICMP ttl exceed on MPLS ttl expiry);
*) ospf - allow to set IPv6 networks for "interface-template";
*) ospf - disable areas with no interface configuration;
*) ospf - do not allow to set "ptp-unnumbered" on IPv6 interfaces;
*) ospf - do not set empty filter chains when upgrading from v6;
*) ospf - improved stability and other minor fixes;
*) ospf - show interface's hello, re-transmit and dead intervals;
*) package - uninstall "container" package when downgrading to v6;
*) pppoe - fixed DHCPv6 PD;
*) quickset - added 5G signal quality information;
*) quickset - made "Password..." button work in Basic AP mode;
*) route - improved stability and other minor fixes;
*) route-filters - fixed "<=" and ">=";
*) route-filters - fixed "ext-community" problems;
*) route-filters - fixed "num range" matchers;
*) route-filters - fixed "route origin" matcher;
*) route-filters - improved completion;
*) route-filters - improved stability and other minor fixes;
*) rpki - added "rpki-query" command;
*) rpki - other minor fixes;
*) snmp - fixed IPsec-SA stats counter reporting;
*) snmp - fixed bulk get/walk with large neighbor version strings;
*) ssl - added support for additional GCM_SHA384 ciphers;
*) ssl - fixed x509 chain validation;
*) switch - fixed bogus statistics after RTL8367 switch reset;
*) system - improved DHCP and HotSpot service stability when shutting down;
*) system - improved system stability when downgrading to v6 with external disks attached;
*) tr069-client - improved compatibility for 5G;
*) traffic-flow - added systematic count-based packet sampling support;
*) user-manager - fixed "rate-limit-priority" parameter;
*) user-manager - fixed PEAP server authentication for Windows clients;
*) vrf - allow to assign interfaces directly along with interface lists;
*) vxlan - added default L2MTU value for improved connectivity in bridged setups;
*) vxlan - improved speed on MIPSBE devices;
*) wifiwave2 - fixed configuration profile renaming;
*) wifiwave2 - moved RADIUS accounting parameters to a separate configuration profile;
*) winbox - added "netmap" action to IPv6 NAT rules;
*) winbox - added IPv6 support for "Network" parameter under "Routing/OSFP/Interface Templates" menu;
*) winbox - added missing IPv6 mangle actions - "mark-routing", "sniff-tzsp", "sniff-pc", "snpt" and "dnpt";
*) winbox - added option to upgrade LTE firmware;
*) winbox - changed extension channel symbol to lower case for WifiWave2;
*) winbox - do not allow to set "memory-lines" parameter out of bounds under "System/Logging/Action" menu;
*) winbox - fixed "routing-mark" and "routing-table" selection in IPv4 and IPv6 firewall and route rules;
*) winbox - fixed private SSH key import;
*) winbox - made "0" the default value for GPS "init-channel" parameter;
*) winbox - made SSID field collapsible for WifiWave2;
*) winbox - moved "RPKI" tab from "Routing/BGP" to "Routing/RPKI" menu;
*) winbox - moved "Tables" tab from "IP/Route" to "Routing" menu;
*) winbox - moved all interface stats columns to the right;
*) winbox - properly load all backups stored in Cloud;
*) winbox - properly show "value" parameter for FWD type entries;
*) winbox - renamed "Backlight" to "OK" under "LCD/Backlight" menu;
*) winbox - renamed "Dst. Address" to "Route Dst." under "IP/Firewall/Mangle" menu;
*) winbox - replaced "routing-table" with VRF in traceroute;
*) winbox - show "External Antenna" parameter on all Chateau devices;
*) winbox - updated WifiWave2 interface fields and tabs;
*) wireguard - do not consider WireGuard interface as ethernet;
*) wireguard - improved system stability when sending WireGuard packets over EoIP;
*) wireless - adjusted antenna gain on Chateau devices;
*) wireless - improved system stability when changing L2MTU for wireless interfaces;
*) wireless - improved system stability when limiting link throughput via "ap-tx-limit" and "client-tx-limit" parameters;
*) wireless - improved system stability when using nv2 protocol on ipq4019 interfaces;
Версия 7.1rc4
2021-09-20
What's new in 7.1rc4 (2021-Sep-20 13:18):
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
Версия 7.1rc4
2021-09-20
What's new in 7.1rc4 (2021-Sep-20 13:18):
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
Версия 7.1rc4
2021-09-20
What's new in 7.1rc4 (2021-Sep-20 13:18):
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
Версия 7.1rc4
2021-09-20
What's new in 7.1rc4 (2021-Sep-20 13:18):
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
*) improved filesystem and configuration storage stability;
*) show "expired password" prompt for users with blank password;
*) other fixes and improvements;
Версия 7.1rc3
2021-09-08
What's new in 7.1rc3 (2021-Sep-08 13:29):
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
Версия 7.1rc3
2021-09-08
What's new in 7.1rc3 (2021-Sep-08 13:29):
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
Версия 7.1rc3
2021-09-08
What's new in 7.1rc3 (2021-Sep-08 13:29):
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
Версия 7.1rc3
2021-09-08
What's new in 7.1rc3 (2021-Sep-08 13:29):
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
*) added IPSec hardware acceleration support for RB5009;
*) added support for running Docker (TM) containers;
*) added ZeroTier (TM) support for ARM and ARM64;
*) fixed L2TP establishment (introduced in v7.1rc2);
*) fixed LDPv6;
*) functionality and stability improvements for L2TPv3;
*) VPLS stability improvements;
*) other minor fixes and improvements;
Версия 7.1rc2
2021-08-31
What's new in 7.1rc2 (2021-Aug-31 11:07):
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
Версия 7.1rc2
2021-08-31
What's new in 7.1rc2 (2021-Aug-31 11:07):
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
Версия 7.1rc2
2021-08-31
What's new in 7.1rc2 (2021-Aug-31 11:07):
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
Версия 7.1rc2
2021-08-31
What's new in 7.1rc2 (2021-Aug-31 11:07):
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
*) added "failure" flag for VRRP;
*) fixed support for IGMP-Proxy;
*) fixed support for NV2;
*) fixed wifwave2 virtual AP configuration on boards with country locks;
*) improved routing filter configuration;
*) improved system stability when using CAKE and fq_codel queues;
*) other minor fixes and improvements;
Версия 7.1rc1
2021-08-23
What's new in 7.1rc1 (2021-Aug-19 13:06):
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
Версия 7.1rc1
2021-08-23
What's new in 7.1rc1 (2021-Aug-19 13:06):
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
Версия 7.1rc1
2021-08-23
What's new in 7.1rc1 (2021-Aug-19 13:06):
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
Версия 7.1rc1
2021-08-23
What's new in 7.1rc1 (2021-Aug-19 13:06):
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
!) added support for IPv6 NAT (CLI only);
!) added support for L2TPv3 (CLI only);
*) added "expired" user status with suggestion to change password (WinBox v3.29 required);
*) added bridge HW offload support for vlan-filtering on RTL8367 switch chip (RB4011, RB1100AHx4);
*) added password strength requirement settings;
*) added skin support for WinBox (WinBox v3.29 required);
*) fixed support for RIP (Routing Information Protocol);
*) improved general stability and performance;
*) other minor fixes and improvements;
Версия 7.1beta6
2021-05-19
What's new in 7.1beta6 (2021-May-18 14:49):
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
Версия 7.1beta6
2021-05-19
What's new in 7.1beta6 (2021-May-18 14:49):
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
Версия 7.1beta6
2021-05-19
What's new in 7.1beta6 (2021-May-18 14:49):
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
Версия 7.1beta6
2021-05-19
What's new in 7.1beta6 (2021-May-18 14:49):
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
!) added support for Let's Encrypt certificate generation;
!) added L3 HW support for all CRS3xx devices;
!) added MLAG support for CRS3xx devices (CLI only);
!) ported features and fixes introduced in v6.49;
*) other minor fixes and improvements;
Версия 7.1beta5
2021-03-17
What's new in 7.1beta5 (2021-Mar-16 14:41):
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
Версия 7.1beta5
2021-03-17
What's new in 7.1beta5 (2021-Mar-16 14:41):
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
Версия 7.1beta5
2021-03-17
What's new in 7.1beta5 (2021-Mar-16 14:41):
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
Версия 7.1beta5
2021-03-17
What's new in 7.1beta5 (2021-Mar-16 14:41):
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
!) added new "iot" package with initial Bluetooth (KNOT only) and MQTT publisher support;
!) ported features and fixes introduced in v6.48.1;
!) enabled initial MPLS support (CLI only);
*) export - fixed "export" command hanging;
*) wifiwave2 - improved interface stability with multiple WPA3 authenticated clients;
*) other minor fixes and improvements;
Версия 7.1beta4
2021-02-04
What's new in 7.1beta4 (2021-Feb-03 09:39):
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
Версия 7.1beta4
2021-02-04
What's new in 7.1beta4 (2021-Feb-03 09:39):
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
Версия 7.1beta4
2021-02-04
What's new in 7.1beta4 (2021-Feb-03 09:39):
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
Версия 7.1beta4
2021-02-04
What's new in 7.1beta4 (2021-Feb-03 09:39):
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
*) api - added support for REST API;
*) crs3xx - fixed Layer3 hardware offloading;
*) route - routing rules improvements;
*) winbox - added support for wifiwave2;
*) winbox - updated User Manager, OSPF and BGP menus;
*) wifiwave2 - authentication and functionality improvements;
*) other fixes and improvements;
Версия 7.1beta3
2020-12-03
What's new in 7.1beta3 (2020-Dec-02 15:59):
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
Версия 7.1beta3
2020-12-03
What's new in 7.1beta3 (2020-Dec-02 15:59):
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
Версия 7.1beta3
2020-12-03
What's new in 7.1beta3 (2020-Dec-02 15:59):
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
Версия 7.1beta3
2020-12-03
What's new in 7.1beta3 (2020-Dec-02 15:59):
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
!) added support for "Cake" and "FQ_Codel" type queues;
!) added new experimental wireless package "wifiwave2" for ARM devices with more than 256 MB of RAM (CLI only);
*) bgp - template parameters are now exposed in connection;
*) chr - added support for SR-IOV
*) routing - added "route", "routing table", "route rules" and BGP configuration migration from RouterOS v6 after upgrade;
*) routing - renamed "instance" menu to "id";
*) other fixes and improvements;
Версия 7.1beta2
2020-08-21
What's new in 7.1beta2 (2020-Aug-21 12:29):
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
Версия 7.1beta2
2020-08-21
What's new in 7.1beta2 (2020-Aug-21 12:29):
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
Версия 7.1beta2
2020-08-21
What's new in 7.1beta2 (2020-Aug-21 12:29):
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
Версия 7.1beta2
2020-08-21
What's new in 7.1beta2 (2020-Aug-21 12:29):
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
!) added "bgp-network" output filter flag;
!) added bonding interface support for Layer3 hardware offloading;
!) added IPv6 nexthop support for IPv4 routes;
!) added Layer3 hardware offloading support for CRS309-1G-8S+IN, CRS312-4C+8XG-RM and CRS326-24S+2Q+RM;
!) added WireGuard support;
*) disk - improved external disk read/write speed;
*) ospf - fixed point to point routes becoming inactive;
*) route - fixed source address selection of outgoing packets;
*) other minor fixes and improvements;
Версия 7.1beta1
2020-07-21
What's new in 7.1beta1 (2020-Jul-21 08:58):
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
Версия 7.1beta1
2020-07-21
What's new in 7.1beta1 (2020-Jul-21 08:58):
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
Версия 7.1beta1
2020-07-21
What's new in 7.1beta1 (2020-Jul-21 08:58):
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
Версия 7.1beta1
2020-07-21
What's new in 7.1beta1 (2020-Jul-21 08:58):
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
!) added FastTrack and NAT hardware offloading support for CRS317-1G-16S+RM;
!) ported features and fixes introduced in v6.47.1;
*) route - added rpki-check;
*) route - bgp improvements;
*) route - do not allow modifying/deleting "main" table;
*) route - fixed incorrectly interpreted prefix states received from RTR;
*) route - fixed IPv6 ECMP connected routes;
*) route - fixed IPv6 policy routing;
*) route - routing rules improvements;
*) wireless - fixed wireless performance for 802.11b/g/n and 802.11a/n interfaces on non-ARM architecture devices;
*) other minor fixes and improvements;
Версия 7.0beta8
2020-06-04
What's new in 7.0beta8 (2020-Jun-4 15:04):
*) fixed CLI dependencies for routing menu;
*) fixed CLI dependencies for routing menu;
Версия 7.0beta8
2020-06-04
What's new in 7.0beta8 (2020-Jun-4 15:04):
*) fixed CLI dependencies for routing menu;
*) fixed CLI dependencies for routing menu;
Версия 7.0beta8
2020-06-04
What's new in 7.0beta8 (2020-Jun-4 15:04):
*) fixed CLI dependencies for routing menu;
*) fixed CLI dependencies for routing menu;
Версия 7.0beta8
2020-06-04
What's new in 7.0beta8 (2020-Jun-4 15:04):
*) fixed CLI dependencies for routing menu;
*) fixed CLI dependencies for routing menu;
Версия 7.0beta7
2020-06-04
What's new in 7.0beta7 (2020-Jun-3 16:31):
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
Версия 7.0beta7
2020-06-04
What's new in 7.0beta7 (2020-Jun-3 16:31):
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
Версия 7.0beta7
2020-06-04
What's new in 7.0beta7 (2020-Jun-3 16:31):
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
Версия 7.0beta7
2020-06-04
What's new in 7.0beta7 (2020-Jun-3 16:31):
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
!) added Layer3 hardware offloading support for CRS317-1G-16S+RM more info here: https://wiki.mikrotik.com/wiki/Manual:CRS3xx_series_switches#L3_Hardware_Offloading
!) enabled BGP support with multicore peer processing (CLI only);
!) enabled RPKI support (CLI only);
!) ported features and fixes introduced in v6.47;
!) routing updates, complete status report: https://help.mikrotik.com/docs/display/ROS/v7+Routing+Protocol+Status
!) system kernel has been updated to version 5.6.3;
*) other minor fixes and improvements;
Версия 7.0beta5
2020-02-14
What's new in 7.0beta5 (2020-Feb-7 11:56):
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Версия 7.0beta5
2020-02-14
What's new in 7.0beta5 (2020-Feb-7 11:56):
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Версия 7.0beta5
2020-02-14
What's new in 7.0beta5 (2020-Feb-7 11:56):
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Версия 7.0beta5
2020-02-14
What's new in 7.0beta5 (2020-Feb-7 11:56):
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Introduced issues:
- RB850Gx2 and RB911 does not boot
New features in this release:
!) x86 - introduced UEFI boot mode support;
!) vxlan - added support for Virtual eXtensible Local Area Network (VXLAN);
!) vrrp - added connection tracking data replication from VRRP master to backup;
!) vrrp - added support for VRRP grouping;
!) winbox - minimal required version is v3.21;
*) other minor fixes and improvements;
Версия 7.0beta4
2019-12-09
What's new in 7.0beta4 (2019-Dec-06 13:21):
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
Версия 7.0beta4
2019-12-09
What's new in 7.0beta4 (2019-Dec-06 13:21):
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
Версия 7.0beta4
2019-12-09
What's new in 7.0beta4 (2019-Dec-06 13:21):
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
Версия 7.0beta4
2019-12-09
What's new in 7.0beta4 (2019-Dec-06 13:21):
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
!) included all features and fixes from 6.46 version;
!) implemented completely new User Manager package;
*) dhcpv4-server - added "option-set" parameter for each "vendor-class-id";
*) dhcpv4-server - added "radius-password' parameter under "config" menu;
*) dhcpv6-client - allow reading passed options in script;
*) dhcpv6-relay - include client's Link-Layer address in option 79;
*) interface - improved support for Intel, Mellanox and other generic network cards;
*) ipsec - fixed action=none policies;
*) ipv6 - added "disable-ipv6" parameter;
*) lte - added support for Quectel EC25-E;
*) lte - added support for Sierra Wireless MC7304;
*) lte - improved system stability when resetting modem;
*) package - fixed USB and CD-ROM installs;
*) ssh - improved key exchange algorithm support;
*) system - fixed port duplication on each system reboot;
Версия 7.0beta3
2019-10-23
## General information
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
Версия 7.0beta3
2019-10-23
## General information
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
Версия 7.0beta3
2019-10-23
## General information
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
Версия 7.0beta3
2019-10-23
## General information
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
+) Based on Kernel 4.14.131
+) New CLI style which is more similar to API commands (v6 commands still supported)
+) OpenVPN UDP protocol support added
+) New NTP client and server implementation, both now included in RouterOS main package
+) removed individual packages, only bundle and a few extra packages will remain
+) ipv6 is now built into RouterOS main package and is always enabled
-) BGP is disabled right now, until further notice
-) MPLS is disabled right now, until further notice
-) Not all packages have been published at the moment
-) Winbox does not show all features, use CLI for most functionality
## Changelog since 7.0beta2
*) capsman - fixed UDP communication between CAPsMAN and CAP;
*) certificate - fixed ECDSA certificate parsing;
*) crs3xx - fixed SFP/SFP+ module detection;
*) ike2 - fixed EAP payload processing on initiator;
*) package - added RouterOS system packages for all current architectures;
*) poe - fixed single PoE out port initialization on RB760, RB3011 and RB4011;
*) snmp - fixed SNMP MIB database;
*) torrent - removed Torrent feature from RouterOS;
Версия 7.0.9
2021-11-08
What's new in 7.0.9 (2021-Oct-28 18:43):
(factory only release)
(factory only release)
Версия 7.0.9
2021-11-08
What's new in 7.0.9 (2021-Oct-28 18:43):
(factory only release)
(factory only release)
Версия 7.0.9
2021-11-08
What's new in 7.0.9 (2021-Oct-28 18:43):
(factory only release)
(factory only release)
Версия 7.0.9
2021-11-08
What's new in 7.0.9 (2021-Oct-28 18:43):
(factory only release)
(factory only release)
Версия 6.49.8
2023-07-20
What's new in 6.49.8 (2023-Jul-19 13:40):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
Версия 6.49.8
2023-07-20
What's new in 6.49.8 (2023-Jul-19 13:40):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
Версия 6.49.8
2023-07-20
What's new in 6.49.8 (2023-Jul-19 13:40):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) console - updated copyright notice;
*) defconf - fixed invalid default password setting after configuration reset for 60GHz interface (introduced in v6.49.5);
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
Версия 6.49.10
2023-09-15
What's new in 6.49.10 (2023-Sep-15 08:06):
*) www - improved service stability when receiving malformed packets;
*) www - improved service stability when receiving malformed packets;
Версия 6.49.10
2023-09-15
What's new in 6.49.10 (2023-Sep-15 08:06):
*) www - improved service stability when receiving malformed packets;
*) www - improved service stability when receiving malformed packets;
Версия 6.49.10
2023-09-15
What's new in 6.49.10 (2023-Sep-15 08:06):
*) www - improved service stability when receiving malformed packets;
*) www - improved service stability when receiving malformed packets;
Версия 6.48.7
2023-05-23
What's new in 6.48.7 (2023-May-23 08:27):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
Версия 6.48.7
2023-05-23
What's new in 6.48.7 (2023-May-23 08:27):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
Версия 6.48.7
2023-05-23
What's new in 6.48.7 (2023-May-23 08:27):
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
!) ipv6 - fixed DNS server processing by IPv6/ND services (CVE-2023-32154);
*) capsman - improved stability when running background scan on CAP;
*) console - updated copyright notice;
*) firewall - fixed IRC NAT helper (CVE-2022-2663);
*) hotspot - improved stability when receiving bogus packets;
*) smb - fixed SMB2 file list reporting;
*) snmp - fixed IPsec-SA byte and packet counter reporting;
Версия 6.48.6
2021-12-07
What's new in 6.48.6 (2021-Dec-03 12:15):
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
Версия 6.48.6
2021-12-07
What's new in 6.48.6 (2021-Dec-03 12:15):
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
Версия 6.48.6
2021-12-07
What's new in 6.48.6 (2021-Dec-03 12:15):
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
MAJOR CHANGES IN v6.48.6:
----------------------
!) device-mode - added feature locking mechanism;
----------------------
*) certificate - improved stability when sending bogus SCEP message;
*) quickset - use 5GHz interface's country for "Home AP Dual" configuration;
*) system - improved system stability if device is upgraded from RouterOS and/or RouterBOOT v6.41.4 or older;
*) upgrade - added new "upgrade" channel for upgrades between major versions;
*) winbox - do not allow to add/remove W60G interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for cAP ac XL and QRT 5 ac;
Версия 6.48.5
2021-10-08
What's new in 6.48.5 (2021-Sep-21 13:50):
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Версия 6.48.5
2021-10-08
What's new in 6.48.5 (2021-Sep-21 13:50):
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Версия 6.48.5
2021-10-08
What's new in 6.48.5 (2021-Sep-21 13:50):
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Changes since 6.48.4:
*) branding - properly clean up old branding files before installing a new one;
*) crs3xx - fixed default MAC address calculation on management Ethernet for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) gps - improved interface monitoring;
*) health - improved temperature reporting;
*) ike2 - check if TS is still valid after obtaining SPI;
*) ipsec - improved SA update by SPI;
*) netinstall - require Netinstall version to be the same or newer as "factory-software";
*) poe - update PoE firmware only on devices that supports it;
*) ppp - improved stability when receiving bogus response on modem channel;
*) qsfp - improved system stability when setting unsupported link rates;
*) sfp - added "sfp-rate-select" setting (CLI only);
*) sfp - improved SFP, SFP+, SFP28 and QSFP+ interface stability for CRS3xx and CCR2004 devices;
*) sfp28 - changed FEC auto mode to disabled;
*) w60g - limit power output when using region EU to match EN302567 on nRAY;
*) w60g - use EU region by default;
*) winbox - added "name" and "file-name" parameter when importing and exporting certificates;
*) winbox - allow setting MCS (24-31) to 4x4 Wireless interfaces;
*) winbox - do not allow to set empty "init-string" field under "System/GPS" menu;
*) winbox - do not show "GPS antenna" selection for devices without selection support;
*) winbox - show "System/Health/Settings" only on boards that have configurable values;
*) winbox - show "current-channel" column by default for CAP interfaces;
*) wireless - added U-NII-2 support for US and Canada country profiles for hAP ac lite;
Версия 6.47.9
2021-02-09
What's new in 6.47.9 (2021-Feb-05 15:22):
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Версия 6.47.9
2021-02-09
What's new in 6.47.9 (2021-Feb-05 15:22):
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Версия 6.47.9
2021-02-09
What's new in 6.47.9 (2021-Feb-05 15:22):
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Changes since 6.47.8:
*) bgp - fixed VPNV4 RD byte order;
*) branding - fixed LCD logo loading from new style branding package;
*) crs312 - fixed missing SwOS firmware on revision 2 devices;
*) crs3xx - correctly filter packets by L2MTU size;
*) crs3xx - improved system stability when receiving large frames for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices (introduced in v6.47.5);
*) defconf - fixed default configuration loading on RBcAP-2nD and RBwAP-2nD;
*) hotspot - fixed "idle-timeout" usage with RADIUS authentication;
*) hotspot - fixed special character parsing in "target" variable (CVE-2021-3014);
*) package - do not include multiple The Dude packages in HDD installer;
*) snmp - fixed "send-trap" functionality;
*) webfig - fixed new interface addition;
*) winbox - fixed enable/disable button presence for "Bridge/Hosts" menu;
*) winbox - renamed IP protocol 41 to "ipv6-encap";
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - use health values reported by gauges for "System/Health" menu;
*) wireless - renamed "macedonia" regulatory domain information to "north macedonia";
*) wireless - updated "indonesia5" regulatory domain information;
Версия 6.47.10
2021-06-02
What's new in 6.47.10 (2021-May-31 09:54):
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.47.10
2021-06-02
What's new in 6.47.10 (2021-May-31 09:54):
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.47.10
2021-06-02
What's new in 6.47.10 (2021-May-31 09:54):
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
MAJOR CHANGES IN v6.47.10:
----------------------
!) wireless - fixed all affecting 'FragAttacks' vulnerabilities (CVE-2020-24587, CVE-2020-24588, CVE-2020-26144, CVE-2020-26146, CVE-2020-26147);
----------------------
*) bonding - improved system stability when disabling/enabling bonding ports;
*) branding - added option to upload custom files (newly generated branding package required);
*) capsman - use proper units for "ap-tx-limit" and "client-tx-limit" parameters;
*) console - do not clear environment values if any global variable is set;
*) console - require "write+ftp" permissions for exporting configuration to file;
*) console - updated copyright notice;
*) crs3xx - added "/system swos" menu for CRS354 devices, should only be used after SwOS 2.13 release;
*) crs3xx - fixed interface LEDs for QSFP+ and SFP+ interfaces on CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - improved 1Gbps Ethernet port group traffic forwarding for CRS354 devices;
*) crs3xx - improved system stability when receiving large frames on CPU for CRS317, CRS309, CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) defconf - fixed default configuration loading on LHG R;
*) defconf - fixed default configuration loading on RBOmniTikPG-5HacD;
*) dhcp - fixed link state checking for DHCP client;
*) dude - fixed configuration menu presence on ARM64 devices;
*) ethernet - improved system stability when receiving large VLAN tagged packets on IPQ4018/IPQ4019 devices;
*) ipsec - fixed SA address parameter exporting;
*) lte - fixed "earfcn" to band translation for "cell-monitor";
*) ovpn - fixed route cache entry leak when establishing a new session;
*) poe - do not perform PoE firmware upgrade procedure on RB960 and OmniTik devices without PoE out;
*) ppp - do not fail "at-chat" command when issued on disabled PPP interface;
*) ptp - improved management service stability when receiving bogus packets;
*) quickset - prefer 5GHz interface for WiFi scan in CPE mode;
*) rb4011 - fixed SFP+ port MTU setting after link state change;
*) rb4011 - improved SFP+ port stability after boot-up;
*) route - improved stability when connected route is modified;
*) sfp - improved cable length monitoring as defined per SFF-8472 and SFF-8636;
*) supout - fixed "topic" column presence in "Log" section;
*) switch - improved system stability with 98PX1012 switch chip for CCR2004-1G-12S+2XS device;
*) system - improved resource allocation (improves several service stability e.g. HTTPS, PPPoE, VPN);
*) telnet - do not send options if connecting to non standard port;
*) telnet - fixed server when run on non standard port;
*) tile - fixed bridge performance degradation (introduced in v6.47);
*) tr069-client - improved management service stability when receiving bogus packets;
*) upgrade - improved "long-term" upgrade procedure on SMIPS devices;
*) webfig - allow to specify "prefix" parameter under "IPv6/ND/Prefixes" menu;
*) webfig - do not corrupt settings when starting "Wireless Sniffer";
*) webfig - do not move top right menu in opposite direction when scrolling horizontally;
*) webfig - show "network-mode" for LTE modems that support it;
*) winbox - do not show "network-mode" parameter for LTE interfaces that do not support it;
*) winbox - do not show empty "CPU Frequency" parameter under "System/Resources" menu;
*) winbox - fixed "reachable-time" value unit under "IPv6/ND" menu;
*) winbox - fixed QCA-8511 switch chip type reporting under "Switch/Settings" menu;
*) winbox - fixed health reporting on RB960, hEX and hEX S devices;
*) winbox - hide "Allow Roaming" parameter on LTE modems that do not support it;
*) winbox - increased "target" field limit to 128 under "Queues" menu;
*) winbox - show "LCD" only on boards that have LCD;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "activity" column by default under "IP/Kid Control/Devices" menu;
*) wireless - fixed issue with multicast traffic delivery to client devices using power-save;
*) wireless - improved iOS compatibility with HotSpot 2.0 networks;
*) www - added "X-Frame-Options" header information to disallow website embedding in other pages;
Версия 6.46.8
2020-11-02
What's new in 6.46.8 (2020-Oct-29 8:29):
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.46.8
2020-11-02
What's new in 6.46.8 (2020-Oct-29 8:29):
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.46.8
2020-11-02
What's new in 6.46.8 (2020-Oct-29 8:29):
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Changes since 6.46.7:
*) cap - fixed L2MTU path discovery;
*) chr - fixed file system quiescing;
*) crs3xx - fixed IGMP snooping for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch rules for CRS309 and CRS317 devices (introduced in v6.46.7);
*) crs3xx - improved system stability on CRS354 devices;
*) defconf - fixed default configuration loading on RBmAP-2nD;
*) defconf - improved default configuration generation on devices with changed wireless interface names;
*) dhcpv6-server - improved stability when changing server for static bindings;
*) dhcpv6-server - properly save bindings when executing "make-static" command;
*) fetch - fixed "src-address" usage for SFTP;
*) fetch - improved SSL handshake processing;
*) hotspot - do not verify Hotspot interface status when detecting if HTTP/HTTPS login method is allowed;
*) leds - fixed LED type setting;
*) lte - fixed multiple APN passthrough on R11e-4G;
*) lte - limit allowed APN count to 3 on R11e-LTE;
*) mpls - fixed duplicate "LabelRelease" message sending;
*) ospf - optimized LSA printing for smaller message sizes;
*) poe - fixed automatic PoE firmware upgrade procedure;
*) poe - improved PoE-out status detection;
*) ppp - allow specifying pool name for "remote-ipv6-prefix-pool" parameter;
*) radius - added "Service-Type" attribute to Access-Request for IPv4 and IPv6 DHCP servers;
*) smips - reduced RouterOS main package size;
*) sms - fixed SMS sending when both "interface" and "smsc" parameters are specified;
*) snmp - fixed "/tool snmp-get" functionality (introduced in v 6.46beta43);
*) switch - fixed Ethernet padding for small packets;
*) user - improved WinBox and The Dude authenticated session handling;
*) user-manager - updated PayPal's root certificate authorities;
*) vrrp - made "password" parameter sensitive;
*) w60g - general stability and performance improvements;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for NetMetal series devices;
*) wireless - fixed incorrect wireless capability information in association response frames;
*) wireless - updated "kazakhstan" regulatory domain information;
Версия 6.46.7
2020-09-14
What's new in 6.46.7 (2020-Sep-07 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.46.7
2020-09-14
What's new in 6.46.7 (2020-Sep-07 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.46.7
2020-09-14
What's new in 6.46.7 (2020-Sep-07 07:38):
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Important note!!!
- The Dude server must be updated to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
- The Dude client must be manually upgraded after upgrading The Dude server.
- The Dude requires "winbox" policy instead of "dude" to monitor v6.46.4+ and v6.47beta30+ RouterOS type devices.
Changes since 6.46.6:
*) arm - improved stability when forcing 25G speed on unsupported interface;
*) bridge - fixed host table update on SNMP query;
*) bridge - fixed STP alternate and backup port states for devices with switch chip;
*) crs3xx - fixed hardware offloaded MPLS forwarding when using bonding interfaces;
*) crs3xx - fixed QSFP+ interface LEDs when using break-out cable for CRS326-24S+2Q+;
*) crs3xx - fixed switch ACL rules for CRS312, CRS326-24S+2Q+ and CRS354 devices;
*) crs3xx - fixed switch port "egress-rate" removal for CRS305, CRS326-24G-2S+, CRS328, CRS318 devices;
*) crs3xx - improved 10G interface initialization on CRS312 devices;
*) crs3xx - improved Ethernet port group traffic forwarding on CRS354 devices;
*) crs3xx - improved system stability when using hardware offloaded MPLS;
*) defconf - fixed default configuration loading on RBmAPL-2nD;
*) dhcpv6-server - disallow changing binding's "prefix-pool";
*) dhcpv6-server - do not require "server" parameter for bindings;
*) discovery - do not send discovery packets on inactive bonding slave interfaces;
*) discovery - do not send discovery packets on interfaces that are blocked by STP;
*) dot1x - fixed duplicate EAP request packets for server;
*) dot1x - fixed EAP packet version numbering;
*) email - added support for multiple "to" recipients;
*) export - fixed HotSpot "address-per-mac" parameter export;
*) fetch - show status "uploaded" instead of "downloaded" when uploading a file;
*) ftp - fixed possible buffer overflow;
*) hotspot - ignore packets from host while MAC authentication is in progress;
*) ike1 - improved stability when performing policy lookup on non-existant peer;
*) ike2 - fixed local side NAT detection;
*) ike2 - fixed policy reference for pending acquire;
*) ike2 - retry RSA signature validation with deduced digest from certificate;
*) interface - added new builtin "static" interface list;
*) kidcontrol - fixed "time-unlimited-rate" to engage in correct time;
*) lcd - improved general system stability when LCD is not present;
*) lte - fixed modem initialization when multiple modems are used simultaneously;
*) lte - fixed PDP authentication configuration for SIM7600;
*) lte - improved stability during firmware upgrade;
*) metarouter - fixed image importing (introduced in v6.46);
*) ospf - fixed disappearing NSSA default route;
*) ospf - fixed processing of "unknown" LSA type;
*) ospf - improved route tag processing for OSPFv3;
*) poe - fixed "power-cycle" functionality on hEX PoE, PowerBox Pro and OmniTIK 5 PoE ac;
*) port - removed serial console port on hEX S;
*) ppp - removed "comment", "set" and "edit" commands from "PPP->Active" menu;
*) profile - added support for CCR2004-1G-12S+2XS;
*) qsfp - fixed auto-negotiation status;
*) quickset - fixed invalid configuration applying when performing changes during LTE modem initialization process;
*) quickset - show "Antenna Gain" setting on devices without built-in antennas;
*) route - improved stability when 6to4 interface is configured with disabled IPv6 package;
*) routerboard - fixed "reset-button" menu presence on all devices;
*) routerboot - fixed etherboot FCS errors with 100Mbps rate for CRS305, CRS309 and CRS317 devices ("/system routerboard upgrade" required);
*) sfp - stabilized CRS212 SFP port functionality and improved monitoring of optical modules;
*) smb - fixed file path validation (introduced in v6.46);
*) smb - fixed possible memory leak (CVE-2020-11881);
*) smb - limit active session count to 5 per connection;
*) sniffer - allow setting port for "streaming-server";
*) snmp - added "dot1qTpFdbTable" OID reporting for Q-BRIDGE-MIB;
*) switch - correctly enable and disable CPU Flow Control on RB3011UiAS;
*) switch - fixed MAC address learning on switch-cpu port for Atheros8316, Atheros8227 and Atheros7240 switch chips;
*) upgrade - fixed space handling in package file names;
*) w60g - added "mdmg-fix" parameter for RBwAP60Gx3 (CLI only);
*) w60g - improved rate selection in low traffic conditions;
*) webfig - fixed 5 GHz wireless interface "frequency" parameter value list on Audience;
*) winbox - added "region" parameter for W60G interfaces;
*) winbox - allow to specify any Ethernet like interface under "Tool/WoL" menu;
*) winbox - do not allow to enter empty strings in "caps-man-names" and "common-name" parameters;
*) winbox - fixed "Tx/Rx Signal Strength" value presence for 4 chain interfaces;
*) winbox - fixed wireless interface "HT" tab setting presence when "band=5ghz-n/ac";
*) winbox - fixed wireless sniffer parameter setting;
*) winbox - hide irrelevant switch port parameters;
*) wireless - added support for U-NII-2 for cAP ac;
*) wireless - added support for U-NII-2 for wAP ac;
*) wireless - allow setting "tx-power" up to 40;
*) wireless - changed "station-roaming" default setting from "enabled" to "disabled";
*) wireless - fixed potential wireless driver issue related to CVE-2020-3702;
*) wireless - improved management service stability when receiving bogus packets;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "canada" regulatory domain information;
*) wireless - updated "egypt" regulatory domain information;
*) wireless - updated "indonesia5" regulatory domain information;
*) wireless - updated "united states" regulatory domain information;
*) www - added "tls-version" parameter in "IP->Services" menu;
Версия 6.45.9
2020-05-07
What's new in 6.45.9 (2020-Apr-30 10:25):
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.45.9
2020-05-07
What's new in 6.45.9 (2020-Apr-30 10:25):
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.45.9
2020-05-07
What's new in 6.45.9 (2020-Apr-30 10:25):
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Changes since 6.45.8:
*) arm - improved watchdog and kernel panic reporting in log after reboots on RB3011 and IPQ4018/IPQ4019 devices ("/system routerboard upgrade" required);
*) capsman - fixed "certificate" parameter updating on CAP;
*) certificate - fixed certificate verification when flushing CRL's;
*) chr - added support for file system quiescing;
*) chr - enabled support for VMBus protocol version 4.1;
*) chr - improved system stability when running CHR on Hyper-V;
*) console - prevent incorrect type interfaces appearing in command hints;
*) crs3xx - fixed frame forwarding after disabling/enabling bridge hardware offloading for CRS354-48G-4S+2Q+ device;
*) crs3xx - fixed interface statistics for CRS354-48G-4S+2Q+ and CRS354-48P-4S+2Q+ devices;
*) crs3xx - fixed switch rule "dst-port" parameter for IPv6 traffic on CRS305-1G-4S+, CRS326-24G-2S+, CRS328-24P-4S+, CRS328-4C-20S-4S+, netPower 15FR devices;
*) crs3xx - improved SFP+ DAC cable initialization for CRS326-24S+2Q+ device;
*) defconf - added welcome note with common first steps for new users;
*) discovery - do not send CDP and LLDP packets on interfaces that does not have MAC address;
*) health - fixed maximum SFP temperature reading under '/system health' menu;
*) hotspot - fixed redirect to log in page (introduced in v6.45);
*) ike1 - rekey phase 1 rekeying as responder for Windows initiators;
*) ipsec - improved system stability when handling fragmented packets;
*) led - added "dark-mode" functionality for CRS105-5S-FB;
*) lte - added "phy-cellid" value support for LTE-US;
*) lte - fixed IP type selection from APN on RBSXTLTE3-7;
*) lte - improved system stability when performing firmware update on R11e-LTE6;
*) sniffer - fixed minor typo in "host" menu;
*) snmp - fixed "ifSpeed" reporting for tunnel interfaces;
*) snmp - fixed "routeros-version" value returning from registration table;
*) snmp - fixed UPS battery voltage value scaling;
*) ssh - added support for RSA keys with SHA256 hash (RFC8332);
*) system - correctly handle Generic Receive Offloading (GRO) for MPLS traffic;
*) system - improved system stability when forwarding traffic from switch chip to CPU (introduced in v6.43);
*) system - improved system stability when receiving/sending TCP traffic on multicore devices;
*) traceroute - improved stability when invalid packet is received;
*) webfig - added default configuration confirmation window to WebFig;
*) webfig - allow skin designing without "ftp" and "sensitive" policies;
*) webfig - do not show WebFig menu when opening 'Check For Updates' in Quick Set;
*) winbox - added "Options" parameter support for DHCPv6 client and server;
*) winbox - added 160Mhz extension channel support for CAPsMAN;
*) winbox - added support for "Tools->WoL" menu;
*) winbox - do not show "Revision" parameter under "System/RouterBOARD" menu on devices that have only one revision;
*) winbox - fixed "ARP" parameter inheritance from "CAPs Configuration" configuration;
*) winbox - fixed "Bands" parameter display for LTE interfaces;
*) winbox - fixed "DSCP" parameter value setting;
*) winbox - fixed "Frequency" and "Secondary Frequency" parameter inheritance from "CAPs Channel" configuration;
*) winbox - fixed "Passthr. MAC Address" parameter display "LTE APNs" menu;
*) winbox - fixed "Switch" menu on CRS354-48P-4S+2Q+;
*) winbox - fixed "dst-port" unsetting in "IP->Hotspot->Walled Garden" menu;
*) winbox - fixed "invalid" flag presence under "System/Certificates/CRL" menu;
*) winbox - fixed automatic "IPv6->Firewall->Address List" table update;
*) winbox - increased limit of multi-entry fields to 100;
*) winbox - made "none" the default value for "Security Profile" parameter when creating a new "Wirelees->Connect list" entry;
*) winbox - renamed "Memory used" to "HDD used" for HDD type under "Tools->Graphing->Resource Graphs";
*) winbox - renamed "Routerboard" to "RouterBOARD" under "System/RouterBOARD" menu;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - added "skip-dfs-channels" parameter;
*) wireless - allow using FCC "U-NII-2" frequency range for hAP ac2 and RBwAPGR series devices;
*) wireless - fixed default "antenna-gain" setting on SXT 2 devices;
*) wireless - improved 5GHz interface stability on RB4011iGS+5HacQ2HnD and Audience;
*) wireless - improved compatibility for "ETSI" wireless country profile;
*) wireless - improved system stability on hAP ac^2;
*) wireless - updated "bangladesh" regulatory domain information;
*) wireless - updated "indonesia4" regulatory domain information;
*) wireless - updated "south africa" regulatory domain information;
Версия 6.45.8
2020-01-29
What's new in 6.45.8 (2020-Jan-23 07:19):
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Версия 6.45.8
2020-01-29
What's new in 6.45.8 (2020-Jan-23 07:19):
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Версия 6.45.8
2020-01-29
What's new in 6.45.8 (2020-Jan-23 07:19):
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Changes since 6.45.7:
*) capsman - fixed background scan showing incorrect regulatory domain mismatch error (CAP upgrade required);
*) capsman - improved radar detection algorithm;
*) chr - improved stability when changing ARP modes on e1000 type adapters;
*) console - fixed "clear-history" restoring historic actions after power cycle;
*) console - removed "edit" and "set" actions from "System/History" menu;
*) console - updated copyright notice;
*) crs305 - disable optical SFP/SFP+ module Tx power after disabling SFP+ interface;
*) dhcpv4-server - improved stability when RADIUS interim update is sent;
*) dhcpv6-client - fixed timeout when doing rebind;
*) dhcpv6-client - properly update bind time when unused prefix received from the server;
*) dhcpv6-client - properly update IPv6 address on rebind;
*) dhcpv6-server - fixed logged error message when using "address-pool=static-only";
*) dhcpv6-server - ignore prefix-hint from client's DHCPDISCOVER if static prefix received from RADIUS;
*) health - fixed health reporting on OmniTIK 5 PoE ac;
*) ipsec - improved system stability when processing decrypted packet on unregistered interface;
*) l2tp - improved system stability when disconnecting many clients at once;
*) led - fixed default LED configuration for RBLHG-2nD and RBLHG-5HPnD;
*) lte - show SIM error when no card is present;
*) ppp - fixed connection establishment when receiving "0.0.0.0" DNS;
*) ppp - fixed minor typo in "ppp-client" monitor;
*) ppp - prioritize "remote-ipv6-prefix-pool" from PPP secret over PPP profile;
*) qsfp - do not report bogus monitoring readouts on modules without DDMI support;
*) qsfp - improved module monitoring readouts for DAC and break-out cables;
*) routerboard - added "mode-button" support for RBcAP2nD;
*) security - fixed vulnerability for routers with default password (limited to Wireless Wire), admin could login on startup with empty password before default configuration script was fully loaded;
*) ssh - fixed output printing when "command" parameter used;
*) timezone - updated time zone database to version 2019c;
*) traffic-generator - improved memory handling on CHR;
*) w60g - fixed "monitor" command on disabled interfaces;
*) winbox - automatically refresh "Packets" table when new packets are captured by "Tools/Packet Sniffer";
*) winbox - show "LCD" menu only on boards that have LCD screen;
*) wireless - added "ETSI" regulatory domain information;
*) wireless - added "indonesia4" regulatory domain information;
*) wireless - added U-NII-2 support forRBSXTsqG-5acD, RBLHGG-5acD-XL, RBLHGG-5acD, RBLDFG-5acD, RBDiscG-5acD;
*) wireless - allow using "canada2" regulatory domain on US lock devices;
*) wireless - fixed sensor MAC address reporting in TZSP header;
*) wireless - improved compatibility by adding default installation mode and antenna gain for devices with integrated antennas;
*) wireless - improved compatibility for Switzerland wireless country profile to improve compliance with ETSI regulations;
*) wireless - improved IPQ4019, QCA9984, QCA9888 wireless interface stability;
Версия 6.44.6
2019-10-28
What's new in 6.44.6 (2019-Oct-24 09:37):
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.44.6
2019-10-28
What's new in 6.44.6 (2019-Oct-24 09:37):
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.44.6
2019-10-28
What's new in 6.44.6 (2019-Oct-24 09:37):
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
MAJOR CHANGES IN v6.44.6:
----------------------
!) package - accept only packages with original filenames (CVE-2019-3976);
!) package - improved package signature verification (CVE-2019-3977);
!) security - fixed improper handling of DNS responses (CVE-2019-3978, CVE-2019-3979);
----------------------
Changes in this release:
*) capsman - fixed frequency setting requiring multiple frequencies;
*) capsman - fixed newline character missing on some logging messages;
*) ccr - improved packet processing after overloading interface;
*) crs312 - fixed combo SFP port toggling (introduced in v6.44.5);
*) crs328 - adjust fan speed based on SFP and CPU temperature;
*) crs3xx - correctly display link rate when 10/100/1000BASE-T SFP modules are used in SFP+ interfaces;
*) crs3xx - fixed management access when using switch rule "new-vlan-priority" property;
*) export - fixed "bootp-support" parameter export;
*) health - improved fan control on CRS3xx and CCR1016-12S-1S+r2;
*) ike2 - fixed policy port selection for responder with natted initiator;
*) ike2 - fixed traffic selector address family selection when using IPv6;
*) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44);
*) ipsec - allow inline "passphrase" parameter when importing keys;
*) ipsec - fixed minor spelling mistakes in logs;
*) led - fixed default LED configuration for RBLHG5nD;
*) ospf - fixed opaque LSA type checking in OSPFv2;
*) ospf - fixed possible busy loop condition when accessing OSPF LSAs;
*) ospf - improved "unknown" LSA handling in OSPFv3;
*) profile - added "internet-detect" process classificator;
*) radius - fixed open socket leak when invalid packet is received (introduced in v6.44);
*) sfp - fixed "sfp-rx-power" value for some transceivers;
*) smb - improved stability on x86 and CHR;
*) snmp - fixed encrypted data sequence (introduced in v6.44.5);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - accept remote forwarding requests with empty hostnames;
*) ssh - fixed carriage return presence in subsequent sessions;
*) ssh - improved remote forwarding handling (introduced in v6.44.3);
*) supout - fixed supout file generation outside of internal storage with insufficient space;
*) switch - fix port isolation for non-CRS series switch chips;
*) system - accept only valid string for "name" parameter in "disk" menu (CVE-2019-15055);
*) system - improved system stability for devices with AR9342 SoC;
*) upgrade - fixed "auto-upgrade" to use new style authentication;
*) upnp - fixed XML parsing (FG-VD-19-110);
*) watchdog - renamed "no-ping-delay" parameter to "ping-start-after-boot";
*) winbox - added "auto-erase" parameter to "Tools/SMS" menu;
*) winbox - added "https-redirect" parameter to "IP/Hotspot/Profiles menu";
*) winbox - added "revision" parameter to "System/Routerboard" menu;
*) winbox - removed "max-sms" parameter from "Tools/SMS" menu;
*) wireless - fixed basic rate reporting in snooper;
*) wireless - improved 802.11ac stability for all ARM devices with wireless;
*) wireless - improved range selection when distance set to "dynamic";
*) wireless - improved stability when setting fixed primary and secondary channels on RB4011iGS+5HacQ2HnD-IN;
Версия 6.44.5
2019-07-09
What's new in 6.44.5 (2019-Jul-04 10:32):
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.44.5
2019-07-09
What's new in 6.44.5 (2019-Jul-04 10:32):
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.44.5
2019-07-09
What's new in 6.44.5 (2019-Jul-04 10:32):
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
MAJOR CHANGES IN v6.44.5:
----------------------
!) security - fixed vulnerabilities CVE-2019-13954, CVE-2019-13955;
!) security - fixed vulnerabilities CVE-2019-11477, CVE-2019-11478, CVE-2019-11479;
!) security - fixed vulnerability CVE-2019-13074;
----------------------
Changes in this release:
*) bridge - correctly handle bridge host table;
*) capsman - fixed CAP system upgrading process for MMIPS;
*) capsman - fixed interface-list usage in access list;
*) certificate - removed "set-ca-passphrase" parameter;
*) cloud - properly stop "time-zone-autodetect" after disable;
*) conntrack - fixed GRE protocol packet connection-state matching (CVE-2014-8160);
*) defconf - automatically set "installation" parameter for outdoor devices;
*) dhcpv6-client - fixed status update when leaving "bound" state;
*) dhcpv6-server - fixed dynamic IPv6 binding without proper reference to the server;
*) dhcpv6-server - override prefix pool and/or DNS server settings by values received from RADIUS;
*) discovery - fixed CDP packets not including address on slave ports (introduced in v6.44);
*) e-mail - properly release e-mail sending session if the server's domain name can not be resolved;
*) firewall - fixed fragmented packet processing when only RAW firewall is configured;
*) firewall - process packets by firewall when accepted by RAW with disabled connection tracking;
*) gps - strip unnecessary trailing characters from "longtitude" and "latitude" values;
*) hotspot - moved "title" HTML tag after "meta" tags;
*) ipv6 - improved system stability when receiving bogus packets;
*) ovpn - added "verify-server-certificate" parameter for OVPN client (CVE-2018-10066);
*) rb3011 - improved system stability when receiving bogus packets;
*) rb921 - improved system stability ("/system routerboard upgrade" required);
*) snmp - improved reliability on SNMP service packet validation;
*) ssh - fixed non-interactive multiple command execution;
*) supout - added IPv6 ND section to supout file;
*) supout - added "pwr-line" section to supout file;
*) supout - changed IPv6 pool section to output detailed print;
*) winbox - do not allow setting "dns-lookup-interval" to "0";
*) wireless - improved DFS radar detection when using non-ETSI regulated country;
*) wireless - improved installation mode selection for wireless outdoor equipment;
*) wireless - updated "china" regulatory domain information;
*) www - improved client-initiated renegotiation within the SSL and TLS protocols (CVE-2011-1473);
Версия 6.43.16
2019-05-15
What's new in 6.43.16 (2019-May-14 11:40):
*) w60g - fixed memory leak (introduced in v6.43.15);
*) w60g - fixed memory leak (introduced in v6.43.15);
Версия 6.43.16
2019-05-15
What's new in 6.43.16 (2019-May-14 11:40):
*) w60g - fixed memory leak (introduced in v6.43.15);
*) w60g - fixed memory leak (introduced in v6.43.15);
Версия 6.43.16
2019-05-15
What's new in 6.43.16 (2019-May-14 11:40):
*) w60g - fixed memory leak (introduced in v6.43.15);
*) w60g - fixed memory leak (introduced in v6.43.15);
Версия 6.43.15
2019-05-13
What's new in 6.43.15 (2019-May-10 12:44):
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
Версия 6.43.15
2019-05-13
What's new in 6.43.15 (2019-May-10 12:44):
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
Версия 6.43.15
2019-05-13
What's new in 6.43.15 (2019-May-10 12:44):
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
*) dhcpv4-server - fixed commenting option for alerts;
*) dhcpv6-server - fixed binding setting update from RADIUS;
*) ike1 - improved stability for transport mode policies on initiator side;
*) ipv6 - adjusted IPv6 route cache max size;
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
*) ipv6 - improved IPv6 neighbor table updating process;
*) lte - reset LTE modem only when SIM slot is changed on dual SIM slot devices;
*) lte - use default APN name "internet" when not provided;
*) rb2011 - removed "sfp-led" from "System/LEDs" menu;
*) rb4011 - fixed SFP+ interface full duplex and speed parameter behaviour;
*) rb4011 - improved SFP+ interface linking to 1Gbps;
*) smb - fixed possible buffer overflow;
*) snmp - added "radio-name" (mtxrWlRtabRadioName) OID support;
*) ssh - do not generate host key on configuration export;
*) switch - fixed possible crash when interface state changes and DHCP Snooping is enabled;
*) system - accept only valid path for "log-file" parameter in "port" menu;
*) userman - updated authorize.net gateway DNS name;
*) webfig - improved file handling;
*) winbox - improved file handling;
*) winbox - show "R" flag under "IPv6/DHCP Server/Bindings" tab;
*) wireless - added support for US FCC UNII-2 and Canada country profiles for LHG-5HPnD-US, RBLHG-5HPnD-XL-US and SXTsq5HPnD-US devices;
*) wireless - improved wireless country settings for EU countries, outdoor models will use outdoor frequency range by default;
*) wireless - improved system stability for all devices with 802.11ac wireless;
*) wireless - improved wireless country settings for EU countries;
Версия 6.43.14
2019-04-04
What's new in 6.43.14 (2019-Apr-02 09:12):
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.43.14
2019-04-04
What's new in 6.43.14 (2019-Apr-02 09:12):
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.43.14
2019-04-04
What's new in 6.43.14 (2019-Apr-02 09:12):
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
MAJOR CHANGES IN v6.43.14:
----------------------
!) ipv6 - fixed soft lockup when forwarding IPv6 packets;
!) ipv6 - fixed soft lockup when processing large IPv6 Neighbor table;
----------------------
Changes in this release:
*) ipv6 - adjust IPv6 route cache max size based on total RAM memory;
Версия 6.43.13
2019-03-20
What's new in 6.43.13 (2019-Mar-13 11:27):
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
Версия 6.43.13
2019-03-20
What's new in 6.43.13 (2019-Mar-13 11:27):
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
Версия 6.43.13
2019-03-20
What's new in 6.43.13 (2019-Mar-13 11:27):
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
*) bridge - count routed FastPath packets between bridge ports under FastPath bridge statistics;
*) bridge - fixed BOOTP packet forwarding when DHCP Snooping is enabled;
*) bridge - fixed packet forwarding with enabled DHCP Snooping and Option 82;
*) bridge - fixed possible memory leak when using "ingress-filtering=yes" on bridge interface;
*) bridge - fixed system's identity change when DHCP Snooping is enabled (introduced in v6.43);
*) capsman - always accept connections from loopback address;
*) certificate - force 3DES encryption for P12 certificate export;
*) dhcp - fixed dual stack queue addition;
*) dhcpv6-server - allow to add DHCPv6 server with pool that does not exist;
*) dhcpv6-server - fixed missing gateway for binding's network if RADIUS authentication was used;
*) ethernet - added "tx-rx-1024-max" counter to Ethernet stats;
*) ethernet - fixed packet forwarding when SFP interface is disabled on hEX S;
*) fetch - improved file downloading to slow memory;
*) gps - increase precision for dd format;
*) gps - removed unnecessary leading "0" for dd format;
*) ipsec - fixed all policies not getting installed after startup (introduced in v6.43.8);
*) ipsec - fixed stability issues after changing peer configuration (introduced in v6.43);
*) ipv6 - do not allow setting "preferred-lifetime" longer than "valid-lifetime";
*) kidcontrol - added "tur-fri", "tur-mon", "tur-sat", "tur-sun", "tur-thu", "tur-tue", "tur-wed" parameters;
*) kidcontrol - fixed validation checks for time intervals;
*) led - fixed default LED configuration for RBSXTsq-60ad;
*) lldp - fixed missing capabilities fields on some devices;
*) lte - do not show "session-uptime" if session is not up;
*) lte - improved SIM7600 initialization after reset;
*) netinstall - do not show kernel failure critical messages in the log after fresh install;
*) ntp-client - fixed "dst-active" and "gmt-offset" being updated after synchronization with server;
*) ppp - fixed dynamic route creation towards VPN server when "add-default-route" is used;
*) rb4011 - fixed ether10 failing to auto negotiate link speed to 1Gbps;
*) smb - added commenting option for SMB users (CLI only);
*) smb - fixed macOS clients not showing share contents;
*) smb - fixed Windows 10 clients not able to establish connection to share;
*) ssh - close active SSH connections before IPsec connections on shutdown;
*) supout - fixed "poe-out" output not showing all interfaces;
*) supout - fixed Profile output on single core devices;
*) winbox - added "conflict-detection" parameter in "IP/DHCP Server" menu;
*) winbox - added "coordinate-format" parameter in LTE interface settings;
*) winbox - added "use-local-address" parameter in "IP/Cloud" menu;
*) winbox - allow specifying interface lists in "CAPsMAN/Access List" menu;
*) winbox - fixed "IPv6/Firewall" "Connection limit" parameter not allowing complete IPv6 prefix lengths;
*) winbox - fixed "LCD" menu not shown on RB2011UiAS-2HnD;
*) winbox - moved "Too Long" statistics counter to Ethernet "Rx Stats" tab;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that have such feature;
*) wireless - fixed antenna gain setting on RBSXT5nDr2;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - improved AR5212 response to incoming ACK frames;
*) wireless - improved connection stability for new model Apple devices;
Версия 6.42.9
2018-10-01
What's new in 6.42.9 (2018-Sep-27 05:19):
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Версия 6.42.9
2018-10-01
What's new in 6.42.9 (2018-Sep-27 05:19):
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Версия 6.42.9
2018-10-01
What's new in 6.42.9 (2018-Sep-27 05:19):
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Important note!!! Backup before upgrade!
RouterOS v6.41 and above contains new bridge implementation that supports hardware offloading (hw-offload).
This update will convert all interface "master-port" configuration into new bridge configuration, and eliminate "master-port" option as such.
Bridge will handle all Layer2 forwarding and the use of switch-chip (hw-offload) will be automatically turned on based on appropriate conditions.
The rest of RouterOS Switch specific configuration remains untouched in usual menus.
Please, note that downgrading below RouterOS v6.41 will not restore "master-port" configuration, so use backups to restore configuration on downgrade.
*) bridge - ignore tagged BPDUs when bridge VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) crs317 - fixed packet forwarding on bonded interfaces without hardware offloading;
*) crs326/crs328 - fixed packet forwarding when port changes states with IGMP Snooping enabled;
*) defconf - properly clear global variables when generating default configuration after RouterOS upgrade;
*) dns - fixed DNS cache service becoming unresponsive when active Hotspot server is present on the router (introduced in 6.42);
*) filesystem - fixed NAND memory going into read-only mode (requires "factory-firmware" >= 3.41.1 and "current-firmware" >= 6.43);
*) health - added missing parameters from export;
*) health - fixed voltage measurements for RB493G devices;
*) hotspot - properly update dynamic "walled-garden" entries when changing "dst-host";
*) ike2 - fixed rare authentication and encryption key mismatches after rekey with PFS enabled;
*) ike2 - improved subsequent phase 2 initialization when no child exist;
*) ipsec - improved invalid policy handling when a valid policy is uninstalled;
*) ipsec - improved stability when using IPsec with disabled route cache;
*) led - added "dark-mode" functionality for wsAP ac lite, RB951Ui-2nD, hAP, hAP ac lite and LtAP mini devices;
*) lte - fixed LTE interface not working properly after reboot on RBSXTLTE3-7;
*) lte - fixed LTE registration in 2G/3G mode;
*) ospf - improved link-local LSA flooding;
*) ospf - improved stability when originating LSAs with OSPFv3;
*) routerboard - fixed memory tester reporting false errors on IPQ4018 devices ("/system routerboard upgrade" required);
*) routerboard - show "boot-os" option only on devices that have such feature;
*) routerboot - fixed RouterOS booting on devices with particular NAND memory;
*) sniffer - made "connection", "host", "packet" and "protocol" sections read-only;
*) supout - added "files" section to supout file;
*) upgrade - fixed RouterOS upgrade process from RouterOS v5 on PowerPC;
*) upnp - improved UPnP service stability when handling HTTP requests;
*) userman - fixed "shared-secret" parameter requiring "sensitive" policy;
*) w60g - added "frequency-list" setting;
*) w60g - fixed interface LED status update on connection;
*) w60g - fixed random disconnects;
*) w60g - general stability and performance improvements;
*) webfig - fixed time interval settings not applied properly under "IP/Kid Control/Kids" menu;
*) webfig - fixed www service becoming unresponsive;
*) winbox - show "System/RouterBOARD/Mode Button" on devices that has such feature;
*) wireless - accept only valid path for sniffer output file parameter;
*) wireless - fixed "/interface wireless sniffer packet print follow" output;
What's new in 6.42.8 (2018-Sep-21 13:30):
(factory only release)
Версия 6.42.12
2019-02-12
What's new in 6.42.12 (2019-Feb-12 08:23):
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.42.12
2019-02-12
What's new in 6.42.12 (2019-Feb-12 08:23):
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.42.12
2019-02-12
What's new in 6.42.12 (2019-Feb-12 08:23):
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
MAJOR CHANGES IN v6.42.12:
----------------------
!) winbox - improvements in connection handling to router with open winbox service (CVE-2019–3924);
----------------------
*) ipsec - accept only valid path for "export-pub-key" parameter in "key" menu;
*) quickset - fixed "country" parameter not properly setting regulatory domain configuration;
*) smb - fixed possible buffer overflow;
*) w60g - fixed disconnection issues in PtMP setups;
*) wireless - improved antenna gain setting for devices with built in antennas;
*) wireless - show indoor/outdoor frequency limitations under "/interface wireless info country-info" command;
Версия 6.42.11
2019-01-09
What's new in 6.42.11 (2018-Dec-21 09:17):
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.42.11
2019-01-09
What's new in 6.42.11 (2018-Dec-21 09:17):
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.42.11
2019-01-09
What's new in 6.42.11 (2018-Dec-21 09:17):
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
MAJOR CHANGES IN v6.42.11:
----------------------
!) telnet - do not allow to set "tracefile" parameter;
----------------------
*) capsman - fixed "group-key-update" parameter not using correct units;
*) certificate - properly flush old CRLs when changing store location;
*) console - properly remove system note after configuration reset;
*) dhcpv6-server - properly handle DHCP requests that include prefix hint;
*) discovery - fixed malformed neighbor information for routers that has incomplete IPv6 configuration;
*) discovery - fixed neighbor discovery for PPP interfaces;
*) export - fixed "silent-boot" compact export;
*) gps - added "coordinate-format" parameter;
*) interface - improved system stability when including/excluding a list to itself;
*) kidcontrol - do not allow users with "read" policy to pause and resume kids;
*) led - fixed default LED configuration for RBMetalG-52SHPacn;
*) log - properly handle long echo messages;
*) lte - added support for more ZTE MF90 modems;
*) lte - disallow setting LTE interface as passthrough target;
*) package - use bundled package by default if standalone packages are installed as well;
*) resource - fixed "total-memory" reporting on ARM devices;
*) snmp - added "tx-ccq" ("mtxrWlStatTxCCQ") and "rx-ccq" ("mtxrWlStatRxCCQ") values;
*) snmp - do not initialise interface traps on bootup if they are not enabled;
*) switch - fixed MAC learning when disabling interfaces on devices with Atheros8327 and QCA8337 switch chips;
*) system - fixed situation when all configuration was not properly loaded on bootup;
*) timezone - fixed "Europe/Dublin" time zone;
*) upgrade - automatically uninstall standalone package if already installed in bundle;
*) webfig - do not show bogus VHT field in wireless interface advanced mode;
*) winbox - allow to change VHT rates when 5ghz-n/ac band is used;
*) winbox - renamed "Radius" to "RADIUS";
*) winbox - show "Switch" menu on RB4011iGS+5HacQ2HnD and RB4011iGS+;
*) wireless - added new "installation" parameter to specify router's location;
*) wireless - improved stability for 802.11ac;
*) wireless - improvements in wireless frequency selection;
Версия 6.42.10
2018-11-20
What's new in 6.42.10 (2018-Nov-14 15:04):
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
Версия 6.42.10
2018-11-20
What's new in 6.42.10 (2018-Nov-14 15:04):
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
Версия 6.42.10
2018-11-20
What's new in 6.42.10 (2018-Nov-14 15:04):
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;
MAJOR CHANGES IN v6.42.10:
----------------------
!) upgrade - release channels renamed - "bugfix" to "long-term", "current" to "stable" and "release candidate" to "testing";
!) upgrade - "testing" release channel now can contain "beta" together with "release-candidate" versions;
----------------------
*) bridge - do not learn untagged frames when filtering only tagged packets;
*) bridge - fixed possible memory leak when VLAN filtering is used;
*) bridge - improved packet handling when hardware offloading is being disabled;
*) bridge - properly disable dynamic CAP interfaces;
*) certificate - fixed time zone adjustment for SCEP requests;
*) crs328 - improved link status update on disabled SFP and SFP+ interfaces;
*) crs328 - improved link status update on disabled SFP+ interface when using DAC;
*) crs3xx - fixed possible memory leak when disabling bridge interface;
*) defconf - automatically accept default configuration if reset done by holding button;
*) defconf - properly load default configuration after reset (introduced in v6.42.9);
*) health - fixed bad voltage readings on RB493G;
*) ipsec - fixed hw-aead (H) flag presence under Installed SAs on startup;
*) ipsec - improved stability when uninstalling multiple SAs at once;
*) ipsec - properly update warnings under peer menu;
*) led - added "dark-mode" functionality for LHG and LDF series devices;
*) led - fixed default LED configuration for SXT LTE kit and wAP 60G AP devices;
*) led - fixed power LED turning on after reboot when "dark-mode" is used;
*) ntp - fixed possible NTP server stuck in "started" state;
*) ospf - improved stability while handling type-5 LSAs;
*) romon - improved packet processing when MTU in path is lower than 1500;
*) routerboard - renamed SIM slots to "a" and "b" on SXT LTE kit;
*) routerboard - show "boot-os" and "force-backup-booter" options only on devices that have such feature;
*) timezone - updated timezone information from tzdata2018g release;
*) traffic-flow - fixed post NAT port reporting;
*) traffic-flow - fixed "src-mac-address" and added "post-src-mac-address" fields;
*) tunnel - made "ipsec-secret" parameter sensitive;
*) usb - fixed power-reset for hAP ac^2 devices;
*) w60g - fixed misleading license level requirement log message;
*) w60g - fixed "scan" functionality when in bridge mode;
*) w60g - renamed "frequency-list" to "scan-list";
*) winbox - allow to specify SIM slot on LtAP mini;
*) winbox - enabled "fast-forward" by default when adding new bridge;
*) winbox - show "System/Health" only on boards that have health monitoring;
*) winbox - show "W60G" wireless tab on wAP 60G AP;